Juergen Weber wrote:
Hello,I haven't tried this, but the following might work, and is probably portable...
we have a portal. Now the marketing people want that
on the portal page be a form with user and password
field. After submitting the user should be logged in.
First this looked like a very easy to do feature.
We use container managed security to protect some
pages.
So submitting the above mentioned form should simply
authenticate the user with the container.
As simple as that seems, I cannot find any way to do
this via the servlet API.
Two posts by Craig R. McClanahan
(http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED]&msgId=297658
and http://archives.apache.org/eyebrowse/ReadMsg?[EMAIL PROTECTED]&msgId=297211)
suggest, that this is in fact not possible.
If that is indeed the case, this is a big deficiency
of the servlet specification.
Or is there another solution?
You need to have two portal home pages, one with the login form on, "/portal/login", and one without, "/portal/home".
Make "/portal/home" the default page.
Put a security constraint on "/portal/home" so that users who aren't logged in are automatically forwarded to "/portal/login". If they log in, they are authenticated, and go to "/portal/home".
I don't know what happens if there are other links in "/portal/login", but as long as they don't go to other protected pages, it ought to work.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
