resend...fourth time didn't catch ;((((. -----Original Message----- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 4:34 PM To: Orion-Interest Subject: RE: Form-based login
resend...third time didn't catch ;(((. -----Original Message----- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 3:09 PM To: Orion-Interest Subject: RE: Form-based login resend...resend, second time didnt catch ;((. -----Original Message----- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 2:44 PM To: Orion-Interest Subject: RE: Form-based login resend...first time didn't catch ;(. -----Original Message----- From: The elephantwalker [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 2:16 PM To: Orion-Interest Subject: RE: Form-based login Dear juha, Jan is correct. This little oversight in the servlet spec doesn't allow any built-in portlet type behaviour. There is a work around, however. Put in a little login form on every page (like with the jsp:include). Wrap the form with the ifInRole tag from the util tag library. If its in your role, display a logout, or change account link. Likewise, use the inInRole tag to switch out or in any protected content. For your little login form, choose an action to a login servlet. In the login servlet, use the roleManager to log the user in...and forward to the requesting page, which was a hidden input in your little login form. You have to bend over and scratch your back, but you can do this with j2ee and orion. Come join the www.elephantwalker.com web site, and join the discussions. We have many on user security. Regards, the elephantwalker www.elephantwalker.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jan Heise Sent: Tuesday, October 02, 2001 10:38 AM To: Orion-Interest Subject: AW: Form-based login hi juha, regarding your last paragraph, i think this is the intention of the servlet-spec - and the only "real" usage. all other types of login should be done differently but not via j_security_check. jan -- Jan Heise / Tel: +49-163-4803237 / E-Mail: [EMAIL PROTECTED] -----Ursprungliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Im Auftrag von Juha Paananen Gesendet: Dienstag, 2. Oktober 2001 15:52 An: Orion-Interest Betreff: Form-based login Hi! In WebLogic 6, the j_security_check recognizes a parameter "j_target_url". I don't think this is part of the J2EE spec, but a WebLogic feature instead. Do you know if there's an equivalent to this in Orion? At least, this j_target_url doesn't seem to work. I need this in a website where there is always (at least, when user has not logged in) a small "login form" visible in the left column, and this form should be submitted to j_security_check and then a specific "welcome page" should be displayed. If I just post the form to j_security_check, I get an error message in the browser "You are not authorized to view this page".. The only way I've managed to make the form-based login to work, is by surfing to some page that has a security-constraint. In this case, Orion takes me to the login form and then to the originally requested page, just as it is supposed to do.. Thanks, Juha