>The basic flow is designed to go like this: >- User makes a request for a URL >- Container sees that this URL is protected by a security constraint >- Container saves the original request and displays the login page >- Assuming successful authentication, the container > performs the *original* request.
>There's no >such thing as "directing the user to a particular page" in this scenario Sounds like my understanding was correct. So let me explain what I need and perhaps you could suggest an approach to take. My app has it's own security system where I set some session vars at logon. I check for one of them in my template page and in my struts ActionServlet. That all works fine. But now I need to protect non-jsp pages, like PDFs. So I want to use JDBCRealm security. The problem I'm left with is setting up all the session vars I'm currently doing in my logon action. That's why I wanted some way to specify the target page. Hmmm... Right now, if the session var is missing, I redirect to the logon page. I guess I could change that to a setsessionvar page instead. Because with the container security on, the only way the session var check could happen would be if the user had been authenticated. Right? Does that make sense or is there a better approach? -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
