Ok, I've got it now... Thanks for the information.
Now my manager is saying he wasnted it all done in Struts and that Struts has a security model that I should be using. Is he wrong? I though struts was just tag libs and an MVC for hitting business logic. Time for me to learn struts now I guess... -- Sloan ----- Original Message ----- From: "Barney Hamish" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Thursday, February 13, 2003 10:33 AM Subject: RE: Form based security > I think you've got the wrong idea about how the form-based security works. > It is counter-intuitive I agree but anyway... > > Firstly the login form should not be in the secure area. > Define as the default page something in the secure area. > When the user tries to go to this default page tomcat will redirect them to > the login page. > After they've logged in successfully Tomcat wil redirect them to the page > they originally asked for (i.e. the default page). > > You don't need a filter to do this. Tomcat does it automatically for you. > > Hamish > > > -----Original Message----- > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 4:32 PM > > To: Tomcat Users List > > Subject: Re: Form based security > > > > > > Ok, I figured most of the things out. > > > > My next question (along the same lines) is this: > > > > I have a link to the login.jsp which is now in a > > security-constraint area. > > When they use the login.jsp successfully it complains about: > > Invalid direct reference to form login page > > > > How do I use the login page and define a page for a successful login? > > > > Thanks! > > > > -- > > Sloan > > > > ----- Original Message ----- > > From: "Sloan Seaman" <[EMAIL PROTECTED]> > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > Sent: Thursday, February 13, 2003 10:01 AM > > Subject: Re: Form based security > > > > > > > I have a filter set up so that if they don't go to the index.jsp or > > > login.jsp it will redirect them to the login.jsp. > > > (is that the best way?) > > > > > > So basically they either go to the index.jsp or login.jsp > > page. How do I > > > list a page as secure? > > > > > > Do I have to wirte code for the j_security_check or is this > > something > > within > > > tomcat? > > > > > > ----- Original Message ----- > > > From: "Barney Hamish" <[EMAIL PROTECTED]> > > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > > Sent: Thursday, February 13, 2003 9:50 AM > > > Subject: RE: Form based security > > > > > > > > > > Are you going directly to the login page? If so then you > > need to go to a > > > > page in that's listed as being secure. You will then be > > forwarded to the > > > > login page. When you've logged in successfully then you will be > > forwarded > > > to > > > > the page you originally requested. > > > > Hamish > > > > > > > > > -----Original Message----- > > > > > From: Sloan Seaman [mailto:[EMAIL PROTECTED]] > > > > > Sent: Thursday, February 13, 2003 3:48 PM > > > > > To: [EMAIL PROTECTED] > > > > > Subject: Form based security > > > > > > > > > > > > > > > I'm attempting to do form based security and I keep getting a > > > > > 404 error when > > > > > I click the submit button. > > > > > > > > > > I'm guessing I'm missing some type of configuration in the > > > > > server.xml..... > > > > > > > > > > The form I am using is: > > > > > <form method="POST" action="j_security_check"> > > > > > <input type="text" name="j_username"/> > > > > > <input type="password" name="j_password"/> > > > > > <input type="submit" value="Submit"> > > > > > </form> > > > > > > > > > > > > > > > And I have the following in my web.xml > > > > > <login-config> > > > > > <auth-method>FORM</auth-method> > > > > > <form-login-config> > > > > > <form-login-page>/login.jsp</form-login-page> > > > > > <form-error-page>/login-error.jsp</form-error-page> > > > > > </form-login-config> > > > > > </login-config> > > > > > > > > > > Can anyone help me out here? > > > > > > > > > > -- > > > > > Sloan > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
