Do you know which project it is on sourceforge? Sounds like a good solution. Thanks Eddie.
-----Original Message----- From: Eddie Bush [mailto:[EMAIL PROTECTED]] Sent: Friday, August 30, 2002 12:25 PM To: Struts Users Mailing List Subject: Re: [NEWBIE] STRUTS, TC and JDBC Realm This was discussed some time ago. There are a couple of solutions: * There is a security-filter project on sourceforge to address this * You can setup a redirect action that is secure (thus it will invoke the CMA) and have it setup so that your redirect action just redirects to wherever you specified by a parmeter (?redirectURL=/some/path/action.do for example). You could take this a step further and make your login page "smart" with JavaScript to set attributes/submit the form automatically in a given circumstance. * There are JAAS solutions. I hear the security-filter (requires servlet spec 2.3 compliant container -- filters didn't exist before then) project is working nicely. The usage of it "integrates" well too -- everything act just like you were using CMA. One of the big advantages is that you gain the ability to configure/deploy your realm with your application. Should you want to deploy your application somewhere that they do not allow you to add to their server configuration (which is a prerequisite for using CMA), you're able to. HTH, Eddie Dan Payne wrote: >Trying to deploy an application with Struts 1.0.1 with Tomcat 4.0.4 using >Tomcat's JDBC realm for user authentication. Trying to avoid an "Invalid >direct reference to form login page." Need to make a login page available to >the Realm (/users/login/index.jsp) but also want to offer the opportunity to >login on the site's home page (/home.do). Here's what I've got: > >web.xml >------- > <security-constraint> > <web-resource-collection> > <web-resource-name>Email List Subscriptions</web-resource-name> > <url-pattern>/emailLists/subscribe.do</url-pattern> > </web-resource-collection> > > <auth-constraint> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/users/login/index.jsp</form-login-page> > <form-error-page>/users/login/error.jsp</form-error-page> > </form-login-config> > </login-config> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>