Olayemi Olatunji wrote:
Hello Guys,
I’m sort of a newbie to this but I need to know if its achievable.
I want to create multiple login pages within a single web app e.g
www.tomcat.org/login1, /login2
How can I achieve this?
Hi.
Since you claim to be a newbie at this, I'll try to provide a "learning answer".
1) the simple answer to your question would be : no (or at least not when using the
standard built-in authentication mechanisms).
But do not be too disappointed, because a more complete answer might be "perhaps, but it
depends on the circumstances and on what you want to achieve exactly".
2) a basic and generic explanation of how WWW authentication works :
a) the browser sends a request to the server, for some server resource (e.g. a specific
HTML page)
b) the server receives this request, and checks in its configuration, if this resource is
"protected" and requires some form of authentication/permission.
If not, the server returns the requested page and things stop here.
So the rest below, is in the case where the requested resource is protected.
c) the server then checks if the browser request already contained some form of user
authentication. (This can be various things, and i will not elaborate at this stage).
If the request contained such an authentication, the server verifies it, and if it is ok,
the server returns the requested resource (e.g. the desired HTML page), and things again
stop here.
d) if the request did not contain ditto valid authentication, instead of returning the
requested resource, the server sends back something, to let the browser/user know that an
authentication is required. This can also be various things, and I will again not
elaborate, but let's suppose that in your case what is returned is a login page.
e) the user/browser gets and sees the login page. The user fills it in, with user-id and
password, and sends this info back to the server.
f) the server verifies the submitted user-id/password, and if it is ok, returns the
desired resource to the browser/user. At the same time as sending that requested page,
the server also sends some "token" to the browser (for example a cookie), containing the
proof that this browser/user is now authenticated.
g) for subsequent requests to the same server, the browser now always sends this token
along with the next requests. This will fulfill the check that happens at (c) above, so
that for these following requests, the server will be happy and will return the requested
pages, without asking again for authentication.
There are many variations possible in the details, but in rough terms, all forms of WWW
authentication follow more or less the above scheme.
Your question relates to step (d) above.
The server has to return a login page, but you say that it should return a specific one
among several possible login pages.
The question thus becomes : how does the server know /which/ login page to
return ?
(The user is not yet known/authenticated, so the server cannot use the user-id or any
other user-related information in order to choose.)
So what other criteria can the server use then ?
Possibilities would be :
- the login page changes depending on the time of day (that's kind of unusual, but it is
just to illustrate the point)
- the login page changes depending on the user's IP address
- the login page changes depending on something else which the browser sends along with
the initial request
So, what is your use case precisely, and what are you trying to achieve ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
