> -----Original Message----- > From: Joe Hertz [mailto:[EMAIL PROTECTED] > Sent: Friday, August 27, 2004 9:44 AM > To: 'Struts Users Mailing List' > Subject: RE: Question about authentication > > > > > > > My gripe with container managed authentication for Tomcat > > was the inability > > > to have a login page I could show the user myself (it > > redirected the user to > > > one, but showing one yourself wasn't possible). I would > > have used it myself > > > if it did what I wanted. :-/ > > > > What's wrong with customizing your login page with container > > managed security?? > > I am going to do just that. > > :snip: > > > Now can I specify 2 login pages, 1 in pretty home page, 1 in > > simple login JSP with only > > 2 textfields by using <form-login-page> in web.xml? If not, > > how can I do that? > > > For me, *that's* what was precisely wrong with it. You can't do that. > > It works all right, but you cannot (least under Tomcat) provide the > "j_security_check" form on any other page. You can't even > direct the user to > login.jsp yourself. The form *depends* on being redirected to > it by Tomcat.
Not quite... the form depends on the CONTAINER being redirected. This is as per the spec. THIS IS NOT A TOMCAT OR STRUTS ISSUE. THIS IS THE WAY THE SPEC SAYS TO DO IT. Thank you for your time. > > Basically, using this method, it's just not possible to allow > the user to > log in before trying to grab a protected resource. He has to > try it first > and ONLY THEN, will he get a login prompt. Yes, per the spec NOT tomcat. > > SecurityFilter supports basically the exact same > authentication mechanism > (except you just declare it in a different .xml file. It was > reeeeal easy to > migrate), AND you *can* have the form on any page you > want....AND there is a > beta version for people to store "logged in" cookies on their > browser if you > want to allow for that functionality. AND, you can do all this with a servlet and container managed security. See appfuse code for details. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
