> I am in the process of creating my login page. I want to use struts to > produce a form, I also want to handle the authentication myself > because their are some advanced things I wish to do, for instance, > my login form makes certian they are an active user. If they are a > suspended user, it will display a suspension page giving instructions > and not log the user in. If they are a new user who has not yet been > validated (email confirmation) then it presents a form where they fill > in the 6 digit code sent to their email. Then and only then will they > be logged in. Their are a few other senarios but that's the basics.
It sounds like you want to basically implement your own authentication system, but still have request.getRemoteUser and request.isUserInRole work (along with web.xml security-contstraints).
Here's a quick-and-dirty approach that seems to work well enough. The overall outline is something like:
- implement your custom authentication system however you want - on the last stage of your process, use Javascript to simulate posting the form to j_security_check, for example:
<html> <body onload="document.form1.submit()">
<form id="form1" action="j_security_check"> <input type="hidden" name="j_username" value="<%= inputUsername %>"> <input type="hidden" name="j_password" value="<%= inputPassword %>"> </form>
</body> </html>
I don't recall the details completely, but hopefully this points you in the right direction. There may also be a more elegant solution by registering a custom JAAS CallbackHandler or LoginContext; you might want to look into this as well.
-- Bill -- Bill Schneider Chief Architect Vecna Technologies 5004 Lehigh Rd., Suite B College Park, MD 20740 [EMAIL PROTECTED] t: 301-864-7594 f: 301-699-3180
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]