Hi, Click is built on top of Java Servlet API so that doco assumes familiarity with Servlet security.
If you are not familiar with Java Servlet Security you will find many books or articles describing the standard. Also note that the standard is quite loose on the implementation and each container is free to provide it's own implementation. So if you use Tomcat you should see the Tomcat doco, same for JBoss etc. Many people opt to use an alternative security to the standard such as Spring Security or Apache Shiro. Hope this helps. Bob On 2011/03/01 00:06 AM, Haim Schindler wrote: > Hi, > > I have read: > > http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#security > > but beside the definitions in web.xml file, I could not figure out how the > logic of authentication > works. > where is the logic that works against the database ? > where and how are the users & passwords are stored ? > who is handling the POST request from the login form ? > > Haim > > > On Sun, Feb 20, 2011 at 11:37 PM, Bob Schellink <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > > The scenario you describe is pretty much how Servlet security works[1]. > You can also use these > alternatives[2]. > > Bob > > [1]: > http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#security > [2]: > > http://click.apache.org/docs/user-guide/htmlsingle/click-book.html#alternatve-security-solutions > > On 2011/02/20 17:17 PM, Haim Schindler wrote: > > Hello, > > > > What is the right way in click to redirect to a desired page after > successful login? > > > > *here is the scenario:* > > > > user type in the browser url: > > > > *www.site.com/page1000.htm <http://www.site.com/page1000.htm> > <http://www.site.com/page1000.htm>* > > > > but user is NOT login so he was redirected to > > > > *www.site.com/login.htm <http://www.site.com/login.htm> > <http://www.site.com/login.htm>* > > > > after successful login I want the user to be automatically redirected to > > > > *www.site.com/page1000.htm <http://www.site.com/page1000.htm> > <http://www.site.com/page1000.htm> * (the original url that the user > wanted) > > > > (now what I do is a bit tedios, I keep this information the the url to > login.htm?.... and then > I use > > hidden fields in the login form so that info goes to login process > after post....) > > > >
