-Original Message-
From: Michael Jennings [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 21, 2001 11:55 AM
To: [EMAIL PROTECTED]
Subject: Re: FORM-based authentication idea
The best way to think about form-based login is like this:
* The login page is (in essence) part
The best way to think about form-based login is like this:
* The login page is (in essence) part of the container,
not the application. Therefore, ...
* The login page should *never* be referenced directly by any
other application page, and ...
* The login page should *never* be
Why is the button there at all? There should be zero linkages to the
login page from *anywhere* in your user interface.
That's true. The point I was trying to make is that there is nothing to
stop an end-user from bookmarking a login page or typing it in
directly, even if you have no
On Thu, 21 Jun 2001, Michael Jennings wrote:
That's true. The point I was trying to make is that there is nothing to
stop an end-user from bookmarking a login page or typing it in
directly, even if you have no linkages to the login page in your
user interface.
It's kinda hard
It's kinda hard for them to bookmark the login page when they don't know
the URL.
Keep in mind that, as far as the browser is concerned, the URL in the
location is still the page that was originally requested. Therefore, a
bookmark for the login form will actually be to the real page
So the redirection thing is just how it is implemented right now.
Stupid me.
-Mike
- Original Message -
From: Michael Jennings [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 21, 2001 2:21 PM
Subject: Re: FORM-based authentication idea
It's kinda hard for them to bookmark
On Thu, 21 Jun 2001, Michael Jennings wrote:
Okay,
I was being stupid. I understand now, with form-based authentication when you
request /mywebapp/private/somefile.jsp what you get back should just be
generated from the login page, then when you submit your credentials,
it returns
On Thu, 21 Jun 2001 [EMAIL PROTECTED] wrote:
On Thu, 21 Jun 2001, Michael Jennings wrote:
Okay,
I was being stupid. I understand now, with form-based authentication when you
request /mywebapp/private/somefile.jsp what you get back should just be
generated from the login page,
On Thu, 21 Jun 2001, Craig R. McClanahan wrote:
If the login page would be displayed all the a href= / or img in the
login page will be treated by the browser as relative to
/mywebapp/private, while the login page can be somewhere else.
The form login page should use server-relative
: FORM-based authentication idea
On Thu, 21 Jun 2001, Craig R. McClanahan wrote:
If the login page would be displayed all the a href= / or img in the
login page will be treated by the browser as relative to
/mywebapp/private, while the login page can be somewhere else.
The form
Andy Armstrong wrote:
Michael Jennings wrote:
Hi everyone,
I just wanted to bounce an idea off of everyone. In tomcat, when one
specifies form-based authentication you have to tell tomcat which page
is the login page. This is done via the context's web.xml file by setting the
Christopher Cain wrote:
My main objection would be that it is adding
non-spec features, which means that any apps
written under Tomcat would not cleanly port
to other spec-compliant servlet containers.
This, of course, should read: Any apps written under Tomcat to leverage
this feature
FWIW, I guess I could see some small convenience in a target-fail and
target-succeed context parameter. I guess if I had multiple entry
points into my application, such as a more complex manual authentication
routine within a different application or something, I could also grab
these
On Wed, 20 Jun 2001, Michael Jennings wrote:
Hi everyone,
I just wanted to bounce an idea off of everyone. In tomcat, when one
specifies form-based authentication you have to tell tomcat which page
is the login page. This is done via the context's web.xml file by setting the