>>>>> "Rajesh" == Rajesh Kalluri <[EMAIL PROTECTED]> writes:

    Rajesh> Hi All,
    Rajesh> I have set up container managed authentication with Tomcat with form-based
    Rajesh> login.

    Rajesh> <login-config>
    Rajesh>                     <auth-method>FORM</auth-method>
    Rajesh>                     <form-login-config>
    Rajesh>                             <form-login-page>/LoginForm.html</form-login-page>
    Rajesh>                             <form-error-page>/LoginError.html</form-error-page>
    Rajesh>                     </form-login-config>
    Rajesh> </login-config>

    Rajesh> -The entry point to my app is LoginForm.html.

    Rajesh> I let Tomcat take care of authenticating the user's password and his role.

    Rajesh> I want to store the user profile including his email and some other
    Rajesh> information from the database into session scope based on <%=
    Rajesh> request.getRemoteUser() %>.

    Rajesh> At what stage is it recommended to do this in a Struts application using
    Rajesh> container managed authentication?

I'm not certain what you mean by "stage", but by the way you phrase this, I
think you might misunderstand a little bit about how CMA works.

By specifying a "login-config" element and a "security-constraint" element, you
ensure that the URL patterns specified in the security-constraint will be
"protected" by CMA.  You don't "call" the login process at any point, and you
certainly don't make your login page the "entry point" of your application.

In addition, if you implement a proper JAAS configuration file, you specify how
the container obtains authentication information to compare against what the
user provided.  You can also use the Tomcat-specific "realm" concept, but this
isn't portable to other application servers.

(And by the way, don't make the silly mistake of specifying a "url-pattern" in
your "web-resource-collection" that is matched by the path to your login or
error page.  You'll get a glorious infinite loop, or an exception, if the app
server is smart enough.)

-- 
===================================================================
David M. Karr          ; Java/J2EE/XML/Unix/C++
[EMAIL PROTECTED]
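
The check below is an added example, not part of the original thread or of Tomcat: it parses a `web.xml` and reports FORM login or error pages whose path is matched by a `url-pattern` inside a `security-constraint` that carries an `auth-constraint`, the mistake the reply warns about. The sample descriptor and the function names are constructed for illustration, and the matcher reports any matching pattern rather than modelling the servlet spec's best-match selection across several constraints.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not from the thread): "*.html" in the
# constraint also covers the login and error pages.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>app</web-resource-name>
      <url-pattern>*.html</url-pattern>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/LoginForm.html</form-login-page>
      <form-error-page>/LoginError.html</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

def local(el):
    """Tag name without an XML namespace, so namespaced descriptors work too."""
    return el.tag.rsplit("}", 1)[-1]

def pattern_matches(pattern, path):
    """Servlet url-pattern forms: exact, '/prefix/*', '*.ext', '/' (default)."""
    if pattern == path or pattern in ("/", "/*"):
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False

def protected_login_pages(web_xml):
    """Return (page, pattern) pairs where a FORM login/error page is protected."""
    root = ET.fromstring(web_xml)
    # Only constraints that actually demand a role (have an auth-constraint).
    patterns = [u.text.strip()
                for sc in root.iter() if local(sc) == "security-constraint"
                and any(local(c) == "auth-constraint" for c in sc)
                for u in sc.iter() if local(u) == "url-pattern" and u.text]
    pages = [e.text.strip() for e in root.iter()
             if local(e) in ("form-login-page", "form-error-page") and e.text]
    return [(pg, pat) for pg in pages for pat in patterns
            if pattern_matches(pat, pg)]
```

An empty result from `protected_login_pages` means no authenticated constraint covers the login or error page; any returned pair names the page and the pattern to narrow.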

