> > > My gripe with container managed authentication for Tomcat > was the inability > > to have a login page I could show the user myself (it > redirected the user to > > one, but showing one yourself wasn't possible). I would > have used it myself > > if it did what I wanted. :-/ > > What's wrong with customizing your login page with container > managed security?? > I am going to do just that.
:snip: > Now can I specify 2 login pages, 1 in pretty home page, 1 in > simple login JSP with only > 2 textfields by using <form-login-page> in web.xml? If not, > how can I do that? For me, *that's* what was precisely wrong with it. You can't do that. It works all right, but you cannot (least under Tomcat) provide the "j_security_check" form on any other page. You can't even direct the user to login.jsp yourself. The form *depends* on being redirected to it by Tomcat. Basically, using this method, it's just not possible to allow the user to log in before trying to grab a protected resource. He has to try it first and ONLY THEN, will he get a login prompt. SecurityFilter supports basically the exact same authentication mechanism (except you just declare it in a different .xml file. It was reeeeal easy to migrate), AND you *can* have the form on any page you want....AND there is a beta version for people to store "logged in" cookies on their browser if you want to allow for that functionality. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
