On 23/08/2011 10:48, Martin O'Shea wrote:
> Hello
> 
> I wonder if anyone can advise? I am using Tomcat 6.0.26 in an application
> with a MySQL 5.* back end database. 
> 
> Currently my users' username and userrole details are stored in the User
> table of the database. 
> 
> At the moment though, there is no actual logging in facility in the
> application. What I want is for users to be able to log in only when they
> have to create content, and then for the login facility to be embedded in
> the relevant pages, e.g. if a user posts a comment, they log in and then
> return to the comment posting page. 
> 
> I can do this using my own look-up process to check a user's name and
> password, but can this be done through the j_username and j_password
> combination as part of Tomcat's:
> 
> <form method = "POST" action='<%= response.encodeURL("j_security_check") %>'
> 
> Process? I do not want the application in question to be accessible only
> through a log in page. 
> 
> There is no secure information held in the database and the users' passwords
> are encrypted using MD5.


Tomcat applies auth by checking the URL of the request.  So if you put
the comment form URL inside an area requiring auth, you'll get the
result you want.  It's up to you to handle the comment form redirection.

If you configure FORM auth with the following URL secured:

 /account/*

you could make:

 /account/add_comment

the URL for, well, adding a comment.

Tomcat will then ask a user to login before they can submit to the form.


p
