Vladimir Grishchenko wrote:
>
> Christian Rauh wrote:
> >
> > Vladimir Grishchenko wrote:
> > >
> > > Christian Rauh wrote:
> > > >
> > > > Vladimir Grishchenko wrote:
> > > > >
> > > > I am also facing the same problem and had an idea while reading your
> > > > post. Maybe you can set a frame on your main page where you want the
> > > > login to appear. That frame links to that welcome page proposed by
> > > > Craig. What would actually be loaded on the frame is the login page.
> > > >
> > >
> > > I'm thinking along the same lines... You could also embed a tiny invisible
> > > image in protected area to your front page (named /welcome, for example)
> > > and define your login form as /welcome?mode=login, so whenever you're not
> > > authorized welcome page is smart to display you a login form... The problem
> > > here is that it's difficult to display a meaningful message that a user needs
> > > to login whenever (s)he actually tries to get a real protected page since
> > > it'll always display /welcome?mode=login. Something like that...
> >
> > I guess that what we both want is a way to call an url with the
> > authentication parameters (user, password) and a page to redirect if
> > everything is ok. Then Tomcat would do the authentication.
> >
> > I think that this behaviour may be emulated by creating a flash movie or
> > applet that:
> >
> > 1 - Gets the username and password from the user
> > 2 - Try to load any protected resource. This will put tomcat
> > on "authentication state". This loading would be internal and
> > not shown in the browser window.
> > 3 - Then load j_security_check passing the appropriatte
> > username and password variables obtained in 1.
> > 4 - load the protected resource that you want on the browser window,
> > a frame or _parent.
> >
>
>
> IMO this
> sounds like more work than just writing your own authentication servlet...
> This applet should parse an incoming login page and emulate sending a post from
> j_security_chek...
Probably it is. The only reason for doing this would be to use the standard
container authentication scheme, which is a good idea since you may be
delegating authentication to someone who may be more proficient in security
issues than yourself.
Christian
> > This may work. If I get the time I will try to implement it.
> >
> > > > I also seem to have read somewhere that you can do what you want using
> > > > the JDBCRealm. Have you tried anything on that line?
> > >
> > > As far as I understand JDBCRealm has little to do with it. It's just a mechanism
> > > facilitating authentication, you give it [name, password, role] and it tells you
> > > if you're good to go using a database instead of tomcat-users.xml. that's it.
> >
> > yes, that´s it. What I meant was that you may give a look into the
> > JDBCRealm classes and create your own authentication mechanism. Don´t
> > know if it is possible though. Heard that some people were going into
> > this direction.
> >
> > Christian
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
