Re: How does tomcat redirect from login
Hi Jim, You might want to look at SecurityFilter (http://securityfilter.sourceforge.net/). I have a write-up on this on my site (http://cymulacrum.net), using JDBC. If you look at the source files in the download tarball, you can easily guess how to adapt it for your own needs, I think. I'm not an expert on this filter by any means, so you'll have to dig around a bit on your own. Jim Kennedy wrote: Actually, I'm stupid here. j_security_check is not the issue. It's actually deeper in the container. Not a part of the motor I want to touch. -Original Message- From: Jim Kennedy [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 2:08 PM To: 'Tomcat Users List' Subject: RE: How does tomcat redirect from login Thanks, I'm surprised there is no way to do this. Why wouldn't they just pop it in the request. Seems very easy. I wonder if I could find the source for j_security_check and make the appropriate changes. I don't want to reinvent J2ee security. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 1:44 PM To: Tomcat Users List Subject: Re: How does tomcat redirect from login There is no way to do that. Your best alternative is to NOT use authentication/authorization via the spec and create some Servlet Filters to perform the appropriate authentication and authorization checks. That way, the filter can be smart enough to determine you user context and handle it approriately. The upside - is the path is very portable to othre conatiners. The downside is you reinvent some of the wheel. Lucky for you - there are other projects on the Internet which use Filters for this very purpose - so some of your work might already be done. -Tim Jim Kennedy wrote: I am using form based login, which is working fine for me. I would like to display different login content (on my login form) based on the desired intent of the user. So , if the user wants to go to a certain section of my site that is secure, I would like to capture the redirect page (the url of the secure page) before the user logs in. Knowing that URL will allow me to display specific content for that section. I have searched the session and the request scopes for something that looks like a redirect page. Can't find anything. Not even a cookie. So, how does tomcat store the intended (redirect) page during the login process for form based login. Where is it stored? How can I get it? Hope I don't need to hack the source for j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- A complex system that works is invariably found to have evolved from a simple system that works. ++ | Pascal Chong | | email: [EMAIL PROTECTED] | || | Please visit my site at : http://cymulacrum.net| | If you're using my documentation, please read the Terms and| | and Conditions at http://cymulacrum.net/terms.html | ++ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How does tomcat redirect from login
There is no way to do that. Your best alternative is to NOT use authentication/authorization via the spec and create some Servlet Filters to perform the appropriate authentication and authorization checks. That way, the filter can be smart enough to determine you user context and handle it approriately. The upside - is the path is very portable to othre conatiners. The downside is you reinvent some of the wheel. Lucky for you - there are other projects on the Internet which use Filters for this very purpose - so some of your work might already be done. -Tim Jim Kennedy wrote: I am using form based login, which is working fine for me. I would like to display different login content (on my login form) based on the desired intent of the user. So , if the user wants to go to a certain section of my site that is secure, I would like to capture the redirect page (the url of the secure page) before the user logs in. Knowing that URL will allow me to display specific content for that section. I have searched the session and the request scopes for something that looks like a redirect page. Can't find anything. Not even a cookie. So, how does tomcat store the intended (redirect) page during the login process for form based login. Where is it stored? How can I get it? Hope I don't need to hack the source for j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does tomcat redirect from login
Thanks, I'm surprised there is no way to do this. Why wouldn't they just pop it in the request. Seems very easy. I wonder if I could find the source for j_security_check and make the appropriate changes. I don't want to reinvent J2ee security. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 1:44 PM To: Tomcat Users List Subject: Re: How does tomcat redirect from login There is no way to do that. Your best alternative is to NOT use authentication/authorization via the spec and create some Servlet Filters to perform the appropriate authentication and authorization checks. That way, the filter can be smart enough to determine you user context and handle it approriately. The upside - is the path is very portable to othre conatiners. The downside is you reinvent some of the wheel. Lucky for you - there are other projects on the Internet which use Filters for this very purpose - so some of your work might already be done. -Tim Jim Kennedy wrote: I am using form based login, which is working fine for me. I would like to display different login content (on my login form) based on the desired intent of the user. So , if the user wants to go to a certain section of my site that is secure, I would like to capture the redirect page (the url of the secure page) before the user logs in. Knowing that URL will allow me to display specific content for that section. I have searched the session and the request scopes for something that looks like a redirect page. Can't find anything. Not even a cookie. So, how does tomcat store the intended (redirect) page during the login process for form based login. Where is it stored? How can I get it? Hope I don't need to hack the source for j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does tomcat redirect from login
Actually, I'm stupid here. j_security_check is not the issue. It's actually deeper in the container. Not a part of the motor I want to touch. -Original Message- From: Jim Kennedy [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 2:08 PM To: 'Tomcat Users List' Subject: RE: How does tomcat redirect from login Thanks, I'm surprised there is no way to do this. Why wouldn't they just pop it in the request. Seems very easy. I wonder if I could find the source for j_security_check and make the appropriate changes. I don't want to reinvent J2ee security. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 1:44 PM To: Tomcat Users List Subject: Re: How does tomcat redirect from login There is no way to do that. Your best alternative is to NOT use authentication/authorization via the spec and create some Servlet Filters to perform the appropriate authentication and authorization checks. That way, the filter can be smart enough to determine you user context and handle it approriately. The upside - is the path is very portable to othre conatiners. The downside is you reinvent some of the wheel. Lucky for you - there are other projects on the Internet which use Filters for this very purpose - so some of your work might already be done. -Tim Jim Kennedy wrote: I am using form based login, which is working fine for me. I would like to display different login content (on my login form) based on the desired intent of the user. So , if the user wants to go to a certain section of my site that is secure, I would like to capture the redirect page (the url of the secure page) before the user logs in. Knowing that URL will allow me to display specific content for that section. I have searched the session and the request scopes for something that looks like a redirect page. Can't find anything. Not even a cookie. So, how does tomcat store the intended (redirect) page during the login process for form based login. Where is it stored? How can I get it? Hope I don't need to hack the source for j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How does tomcat redirect from login
The root cause is the servlet spec does not mandate the exposure of the asset which triggered the login form. That is to say - there is no way defined by the spec for the login form to what resource caused the login form to appear. This stinks since it makes personalization of the login form a little more difficult. -Tim Jim Kennedy wrote: Actually, I'm stupid here. j_security_check is not the issue. It's actually deeper in the container. Not a part of the motor I want to touch. -Original Message- From: Jim Kennedy [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 2:08 PM To: 'Tomcat Users List' Subject: RE: How does tomcat redirect from login Thanks, I'm surprised there is no way to do this. Why wouldn't they just pop it in the request. Seems very easy. I wonder if I could find the source for j_security_check and make the appropriate changes. I don't want to reinvent J2ee security. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Saturday, April 17, 2004 1:44 PM To: Tomcat Users List Subject: Re: How does tomcat redirect from login There is no way to do that. Your best alternative is to NOT use authentication/authorization via the spec and create some Servlet Filters to perform the appropriate authentication and authorization checks. That way, the filter can be smart enough to determine you user context and handle it approriately. The upside - is the path is very portable to othre conatiners. The downside is you reinvent some of the wheel. Lucky for you - there are other projects on the Internet which use Filters for this very purpose - so some of your work might already be done. -Tim Jim Kennedy wrote: I am using form based login, which is working fine for me. I would like to display different login content (on my login form) based on the desired intent of the user. So , if the user wants to go to a certain section of my site that is secure, I would like to capture the redirect page (the url of the secure page) before the user logs in. Knowing that URL will allow me to display specific content for that section. I have searched the session and the request scopes for something that looks like a redirect page. Can't find anything. Not even a cookie. So, how does tomcat store the intended (redirect) page during the login process for form based login. Where is it stored? How can I get it? Hope I don't need to hack the source for j_security_check. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
