I've been exploring the co-mingling of container-based security and struts
actions through FORM-based authentication. While many options have been
presented and discussed (including subclassing the Action and directly
calling container-managed security methods), it seems to me (a newbie) that
one obvious solution has not been addressed:
What are the side-effects of directly pointing the error and login pages
directly to a struts action (in the example below /login.do) , rather than
to an HTML or JSP file? For example:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.do</form-login-page>
<form-error-page>/loginError.do</form-error-page>
</form-login-config>
</login-config>
And in the view of the login form:
<form method="POST" action="j_security_check">
Username: <input type="text" name="j_username"><br />
Password: <input type="password" name="j_password"><br />
</form>
If this won't work, what about pointing the login and error pages to a JSP,
and using a <logic:forward> or a <tiles:insert> tag in the file to handle
the request through struts?
Am I missing something subtle (or not so subtle)? Thanks in advance.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
