Re: re-Logon after session timeout
"Ralph vd Houdt" <[EMAIL PROTECTED]> wrote:
> Hi Gregor,
>
> This sound OK, Can you point me to documentation on this or give me
> additional information?
It is quite simple.
The "normal" login.jsp looks like this:
Username:
Password:
You would use something like this (for simplicity here pure JSP,
it can be done with Struts as well:
User:
Company:
Password:
And checklogin.jsp would do something like this:
<%
String j_username =
request.getParameter("company") + "/" + request.getParameter("user");
String j_password = request.getParameter("password);
%>
Of course, the mapping logic from company+user to web-user can be
more complex than simple concatenation with a "/" as separator.
Actually, I've never used it for such mapping. I've used it for
auto-login directly in the first login.jsp.
It checks to see, whether the user can be identified by a cookie and
tries to retrieve the username/password from a database. Then, instead
of displaying the login form, it directly forwards to j_security_check.
groetjes
--
gR
> - Original Message -
> From: "Gregor Rayman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, September 06, 2001 4:43 PM
> Subject: Re: re-Logon after session timeout
>
>
> > "Ralph vd Houdt" <[EMAIL PROTECTED]> wrote:
> >
> > > Hi Jon,
> > >
> > > This is not just what I want. I want to do a login based on 3 fields
> > > company/user/password and evaluate then to an EJB. The login should put
> an
> > > object in the session.
> > >
> > > Greetings Ralph
> >
> > You can do this with form based login as well.
> > Your form would not have the action "j_security_check", it would
> > point to another action which would map the three field to the
> > two (user/password) and forward to j_security_check.
> >
> > --
> > gR
> >
> >
> >
>
>
Re: re-Logon after session timeout
Hi Gregor, This sound OK, Can you point me to documentation on this or give me additional information? Greetings - Original Message - From: "Gregor Rayman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 06, 2001 4:43 PM Subject: Re: re-Logon after session timeout > "Ralph vd Houdt" <[EMAIL PROTECTED]> wrote: > > > Hi Jon, > > > > This is not just what I want. I want to do a login based on 3 fields > > company/user/password and evaluate then to an EJB. The login should put an > > object in the session. > > > > Greetings Ralph > > You can do this with form based login as well. > Your form would not have the action "j_security_check", it would > point to another action which would map the three field to the > two (user/password) and forward to j_security_check. > > -- > gR > > >
Re: re-Logon after session timeout
"Ralph vd Houdt" <[EMAIL PROTECTED]> wrote: > Hi Jon, > > This is not just what I want. I want to do a login based on 3 fields > company/user/password and evaluate then to an EJB. The login should put an > object in the session. > > Greetings Ralph You can do this with form based login as well. Your form would not have the action "j_security_check", it would point to another action which would map the three field to the two (user/password) and forward to j_security_check. -- gR
Re: re-Logon after session timeout
Hi Jon, This is not just what I want. I want to do a login based on 3 fields company/user/password and evaluate then to an EJB. The login should put an object in the session. Greetings Ralph - Original Message - From: "Jon Brisbin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 06, 2001 4:20 PM Subject: Re: re-Logon after session timeout > this sounds like you're wanting to use Tomcat's role-based > authentication...if you look in the example webapp that comes with the > tomcat distro, you can find settings in web.xml that set up a secure > area...if you edit tomcat's server.xml file and find the "Realm" stuff, you > can set up an authentication scheme that uses a form-based login... > > if you protect urls of say "/member/whatever" then when anyone requests > "/member/whatever/stuff?query-string" then if they're not logged in, it > forwards them to your login page, then if successful sends the to whatever > they originally requested... > > this functionality is part of tomcat and requires no extra code on your > part... > > jb > > - Original Message - > From: "Ralph vd Houdt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 06, 2001 9:18 AM > Subject: Re: re-Logon after session timeout > > > > Too bad, I'm using Tomcat 3.2.2 together with JBoss. > > > > Keep me in touch with your development it sound good. > > > > Greetings Ralph > > > > - Original Message - > > From: "Erik Hatcher" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, September 06, 2001 3:29 PM > > Subject: Re: re-Logon after session timeout > > > > > > > I'm accomplishing this very thing using Resin's Servlet 2.3 Filter > > support. > > > The filter determines the user is not logged in, saves the requesting > URI > > in > > > a session attribute, and forwards to the login page. The login action > > > checks for the existence of the session attribute with the saved URI and > > > forwards to that upon a successful login. > > > > > > I'm sure it could be done in a Servlet 2.2 environment also, but would > > > require more effort. > > > > > > Erik > > > > > > > > > - Original Message - > > > From: "Ralph vd Houdt" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Thursday, September 06, 2001 12:09 AM > > > Subject: re-Logon after session timeout > > > > > > > > > > Hi All, > > > > > > > > I developed a struts application and re-used the checkLogon tag from > the > > > > login example from Ted Husted. It works quite well but when a client > > loses > > > > the session in case of a session timeout and a new request is done the > > > > Action is cancelled because the User object isn't in the session > > anymore. > > > Is > > > > there a possibility to: > > > > > > > > - route the user to the logonform. (And re-add the User object) > > > > - after logon, repost the initial request. > > > > - continue based on the initial request > > > > > > > > Greetings Ralph. > > > > > > > > > > > > > > > > > > > > > > > >
Re: re-Logon after session timeout
this sounds like you're wanting to use Tomcat's role-based authentication...if you look in the example webapp that comes with the tomcat distro, you can find settings in web.xml that set up a secure area...if you edit tomcat's server.xml file and find the "Realm" stuff, you can set up an authentication scheme that uses a form-based login... if you protect urls of say "/member/whatever" then when anyone requests "/member/whatever/stuff?query-string" then if they're not logged in, it forwards them to your login page, then if successful sends the to whatever they originally requested... this functionality is part of tomcat and requires no extra code on your part... jb - Original Message - From: "Ralph vd Houdt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 06, 2001 9:18 AM Subject: Re: re-Logon after session timeout > Too bad, I'm using Tomcat 3.2.2 together with JBoss. > > Keep me in touch with your development it sound good. > > Greetings Ralph > > - Original Message - > From: "Erik Hatcher" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 06, 2001 3:29 PM > Subject: Re: re-Logon after session timeout > > > > I'm accomplishing this very thing using Resin's Servlet 2.3 Filter > support. > > The filter determines the user is not logged in, saves the requesting URI > in > > a session attribute, and forwards to the login page. The login action > > checks for the existence of the session attribute with the saved URI and > > forwards to that upon a successful login. > > > > I'm sure it could be done in a Servlet 2.2 environment also, but would > > require more effort. > > > > Erik > > > > > > - Original Message - > > From: "Ralph vd Houdt" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, September 06, 2001 12:09 AM > > Subject: re-Logon after session timeout > > > > > > > Hi All, > > > > > > I developed a struts application and re-used the checkLogon tag from the > > > login example from Ted Husted. It works quite well but when a client > loses > > > the session in case of a session timeout and a new request is done the > > > Action is cancelled because the User object isn't in the session > anymore. > > Is > > > there a possibility to: > > > > > > - route the user to the logonform. (And re-add the User object) > > > - after logon, repost the initial request. > > > - continue based on the initial request > > > > > > Greetings Ralph. > > > > > > > > > > > > > >
Re: re-Logon after session timeout
Too bad, I'm using Tomcat 3.2.2 together with JBoss. Keep me in touch with your development it sound good. Greetings Ralph - Original Message - From: "Erik Hatcher" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 06, 2001 3:29 PM Subject: Re: re-Logon after session timeout > I'm accomplishing this very thing using Resin's Servlet 2.3 Filter support. > The filter determines the user is not logged in, saves the requesting URI in > a session attribute, and forwards to the login page. The login action > checks for the existence of the session attribute with the saved URI and > forwards to that upon a successful login. > > I'm sure it could be done in a Servlet 2.2 environment also, but would > require more effort. > > Erik > > > - Original Message - > From: "Ralph vd Houdt" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 06, 2001 12:09 AM > Subject: re-Logon after session timeout > > > > Hi All, > > > > I developed a struts application and re-used the checkLogon tag from the > > login example from Ted Husted. It works quite well but when a client loses > > the session in case of a session timeout and a new request is done the > > Action is cancelled because the User object isn't in the session anymore. > Is > > there a possibility to: > > > > - route the user to the logonform. (And re-add the User object) > > - after logon, repost the initial request. > > - continue based on the initial request > > > > Greetings Ralph. > > > > > > >
Re: re-Logon after session timeout
I'm accomplishing this very thing using Resin's Servlet 2.3 Filter support. The filter determines the user is not logged in, saves the requesting URI in a session attribute, and forwards to the login page. The login action checks for the existence of the session attribute with the saved URI and forwards to that upon a successful login. I'm sure it could be done in a Servlet 2.2 environment also, but would require more effort. Erik - Original Message - From: "Ralph vd Houdt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, September 06, 2001 12:09 AM Subject: re-Logon after session timeout > Hi All, > > I developed a struts application and re-used the checkLogon tag from the > login example from Ted Husted. It works quite well but when a client loses > the session in case of a session timeout and a new request is done the > Action is cancelled because the User object isn't in the session anymore. Is > there a possibility to: > > - route the user to the logonform. (And re-add the User object) > - after logon, repost the initial request. > - continue based on the initial request > > Greetings Ralph. > >
re-Logon after session timeout
Hi All, I developed a struts application and re-used the checkLogon tag from the login example from Ted Husted. It works quite well but when a client loses the session in case of a session timeout and a new request is done the Action is cancelled because the User object isn't in the session anymore. Is there a possibility to: - route the user to the logonform. (And re-add the User object) - after logon, repost the initial request. - continue based on the initial request Greetings Ralph.
