I would like some clarifications about handling authentication in a webapp:
it seems to me the simplest way to authenticate users is using form-based auth, in conjunction with declarative security (declaring resources/roles in web.xml); the main problem with this approach, in my opinion, is handling several login pages, for example; moreover, in order to allow authentication to be performed on the home page, you need to "force" the client to make a request to a protected page (correct??!!), which seems not so clean!!

I read something about JAAS, but didn't understand, for example, once logged in, what should be done with the Subject object obtained after the login process!!! Are the following requests automatically recognized as coming from an authenticated user, as with normal form-based auth?? I'm a little confused about all this stuff...

The main goals I have are:

- Allow login from the home page
- Allow login from several pages (I can specify only one login page in web.xml!)
- Make all this in a clean way (for example, not redirecting the user to a reserved page to make Tomcat present the login page!!)

Thanks everyone

Renato

____________________________________
Renato Romano
Sistemi e Telematica S.p.A.
Calata Grazie - Vial Al Molo Giano
16127 - GENOVA
e-mail: [EMAIL PROTECTED]
Tel.: 010 2712603
_____________________________________
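The declarative form-based setup the message describes, as an added example that is not part of the original post: a web.xml fragment showing where the single login page is declared and which requests cause the container to present it. The URL pattern `/reserved/*`, the role name `user`, and the pages `/login.jsp` and `/login-error.jsp` are assumptions chosen for illustration.

```xml
<!-- web.xml fragment (added example; schema declaration omitted).
     /reserved/*, the role "user" and both page paths are assumed names. -->
<web-app>

  <!-- Declarative security: the container, not application code,
       checks every request whose path matches the url-pattern. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reserved area</web-resource-name>
      <url-pattern>/reserved/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <!-- Only authenticated users holding this role get through. -->
      <role-name>user</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- A web application has at most one login-config, and its
       form-login-config names exactly one login page and one error
       page. This is the "only one login page" limit. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <!-- Shown by the container when an unauthenticated client
           requests a URL matched by the constraint above. The form on
           this page posts the fields j_username and j_password to the
           action j_security_check. -->
      <form-login-page>/login.jsp</form-login-page>
      <!-- Shown when the submitted credentials are rejected. -->
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Every role referenced in an auth-constraint is declared here. -->
  <security-role>
    <role-name>user</role-name>
  </security-role>

</web-app>
```

Because the home page is not matched by the `url-pattern`, a request for it never triggers the login page; the container starts the form login only on a request to a constrained URL.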