j2ee does the login check for you. If you are using form based login, and
have noted the access control in you depoyment properly....when the client
try's to access a controled resource, the user will be directed to the login
form.
If you are hardcoding the login, you may have set up some conflict with the
built-in j2ee security, which causes the login to display twice...once for
your hardcoded stuff (which probably didn't login using the same realm/role
as noted in the deployment descriptor), and then again for the role noted in
your descriptor. If they are not EXACTLY the same, you will get two logins.
If you didn't use a usermanager in your hardcoded security...but your
descriptor refers to the login form and users/role, you will get two logins.
My suggestion is to byte the bullet, and use the orion usermanager (we use
ejbusermanager, but there's an example of resourceusermanager at
www.orionsupport.com, and I have seen some reference to a ldapusermanager
floating around in the newsgroup).
Regards,
The elephantwalker
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rian Schmidt
Sent: Tuesday, April 10, 2001 3:45 PM
To: Orion-Interest
Subject: forward with a null request...
Hi,
Just out of curiosity, can anyone explain why it is that I have to set the
request to null to prevent our login page from being displayed twice?
Here's the setup:
Client makes a request for a page in the /client directory, a filter is
invoked on the request looking for a 'userSession' session attribute, if
it's not there, the requestURI is stashed in a session attribute and control
is forwarded to the /login/index.jsp page. As an aside, I put a line in to
output to the console when the forward happens, and it's only printed out
once per request in either of the following cases.
If I forward like this:
getFilterConfig().getServletContext().getRequestDispatcher("/login/index.jsp
").forward(request,response);
I get the login page displayed twice in the browser (which strikes me as
weird... two complete copies in one browser).
Whereas if I do this:
getFilterConfig().getServletContext().getRequestDispatcher("/login/index.jsp
").forward(null,response);
it works like you'd expect.
As I said, we've got it working, but I'm curious what this is about. Thanks
for any insight.
Rian
--
Rian Schmidt
[EMAIL PROTECTED]
