Vladimir Grishchenko wrote:
>
> Christian Rauh wrote:
> >
> > Vladimir Grishchenko wrote:
> > >
> > I am also facing the same problem and had an idea while reading your
> > post. Maybe you can set a frame on your main page where you want the
> > login to appear. That frame links to that welcome page proposed by
> > Craig. What would actually be loaded on the frame is the login page.
> >
>
> I'm thinking along the same lines... You could also embed a tiny invisible
> image in protected area to your front page (named /welcome, for example)
> and define your login form as /welcome?mode=login, so whenever you're not
> authorized welcome page is smart to display you a login form... The problem
> here is that it's difficult to display a meaningful message that a user needs
> to login whenever (s)he actually tries to get a real protected page since
> it'll always display /welcome?mode=login. Something like that...
I guess that what we both want is a way to call an url with the
authentication parameters (user, password) and a page to redirect if
everything is ok. Then Tomcat would do the authentication.
I think that this behaviour may be emulated by creating a flash movie or
applet that:
1 - Gets the username and password from the user
2 - Try to load any protected resource. This will put tomcat
on "authentication state". This loading would be internal and
not shown in the browser window.
3 - Then load j_security_check passing the appropriatte
username and password variables obtained in 1.
4 - load the protected resource that you want on the browser window,
a frame or _parent.
This may work. If I get the time I will try to implement it.
> > I also seem to have read somewhere that you can do what you want using
> > the JDBCRealm. Have you tried anything on that line?
>
> As far as I understand JDBCRealm has little to do with it. It's just a mechanism
> facilitating authentication, you give it [name, password, role] and it tells you
> if you're good to go using a database instead of tomcat-users.xml. that's it.
yes, that´s it. What I meant was that you may give a look into the
JDBCRealm classes and create your own authentication mechanism. Don´t
know if it is possible though. Heard that some people were going into
this direction.
Christian
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
