Christian Rauh wrote:
>
> Vladimir Grishchenko wrote:
> >
> > Christian Rauh wrote:
> > >
> > > Vladimir Grishchenko wrote:
> > > >
> > > I am also facing the same problem and had an idea while reading your
> > > post. Maybe you can set a frame on your main page where you want the
> > > login to appear. That frame links to that welcome page proposed by
> > > Craig. What would actually be loaded on the frame is the login page.
> > >
> >
> > I'm thinking along the same lines... You could also embed a tiny invisible
> > image in protected area to your front page (named /welcome, for example)
> > and define your login form as /welcome?mode=login, so whenever you're not
> > authorized welcome page is smart to display you a login form... The problem
> > here is that it's difficult to display a meaningful message that a user needs
> > to login whenever (s)he actually tries to get a real protected page since
> > it'll always display /welcome?mode=login. Something like that...
>
> I guess that what we both want is a way to call an url with the
> authentication parameters (user, password) and a page to redirect if
> everything is ok. Then Tomcat would do the authentication.
>
> I think that this behaviour may be emulated by creating a flash movie or
> applet that:
>
> 1 - Gets the username and password from the user
> 2 - Try to load any protected resource. This will put tomcat
> on "authentication state". This loading would be internal and
> not shown in the browser window.
> 3 - Then load j_security_check passing the appropriatte
> username and password variables obtained in 1.
> 4 - load the protected resource that you want on the browser window,
> a frame or _parent.
>
IMO this
sounds like more work than just writing your own authentication servlet...
This applet should parse an incoming login page and emulate sending a post from
j_security_chek...
> This may work. If I get the time I will try to implement it.
>
> > > I also seem to have read somewhere that you can do what you want using
> > > the JDBCRealm. Have you tried anything on that line?
> >
> > As far as I understand JDBCRealm has little to do with it. It's just a mechanism
> > facilitating authentication, you give it [name, password, role] and it tells you
> > if you're good to go using a database instead of tomcat-users.xml. that's it.
>
> yes, that´s it. What I meant was that you may give a look into the
> JDBCRealm classes and create your own authentication mechanism. Don´t
> know if it is possible though. Heard that some people were going into
> this direction.
>
> Christian
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
