Thanks for this Chris. It is food for thought.
I was under the impression that <form-login-page> was static, because that's
how I've seen it used in apps I've worked on.
But I am curious to try a filter as well, something like this mapped to the
login:
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws java.io.IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // pre login action
        // get username
        String username = req.getParameter("j_username");

        // if user is in revoked list send error
        if (revokeList.contains(username)) {
            res.sendError(javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // call next filter in the chain : let j_security_check authenticate
        // user
        chain.doFilter(request, response);

        // post login action
    }
I wouldn't mind seeing a servlet specified as <form-login-page> if you know of
an example.
-----Original Message-----
From: Christopher Schultz [mailto:[email protected]]
Sent: 05 Oct 2011 22 08
To: Tomcat Users List
Subject: Re: Using multiple login pages
Martin,
On 10/5/2011 1:59 PM, Martin O'Shea wrote:
> I have it now. There was a redirection going on in a method called
> from a scriptlet in the login page. It now seems to be OK.
Glad you got it going.
> But one thing bugs me still: you said that you can have 'different
> login pages for different types of resources you're trying to
> reach.' Can you give any pointers about this?
A "page" is defined as whatever the server responds when you request a
resource. The <form-login-page> you configure in your web.xml can be
dynamic: you can do whatever you want in that page. It doesn't have to
be a static <form> that always looks the same. You can
include/forward/etc from that page. It doesn't even have to be a JSP.
You can configure the <login-form-page> to be a servlet that makes
decisions and forwards to some other .jsp file.
Use your imagination.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
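
The servlet-as-login-page idea Chris describes in the quoted message, as an added example that is not part of the original thread: a servlet configured as <form-login-page> picks one of two login JSPs from a fixed set, based on the resource the user was trying to reach. The servlet name, its /login mapping, the /admin path and the JSP paths are hypothetical, and it assumes the container forwards (rather than redirects) to the login page, so the original URI is available as the standard forward request attribute.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet, mapped to /login and configured in web.xml as:
//   <form-login-page>/login</form-login-page>
public class LoginDispatcherServlet extends HttpServlet {

    // Hypothetical login JSPs; each posts j_username/j_password to
    // j_security_check. Kept under /WEB-INF so they cannot be requested
    // directly, only reached through this servlet.
    private static final String ADMIN_LOGIN = "/WEB-INF/login/admin.jsp";
    private static final String DEFAULT_LOGIN = "/WEB-INF/login/default.jsp";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Assumption: the container forwarded here, so the URI of the
        // protected resource is in the standard forward attribute.
        String original =
                (String) req.getAttribute("javax.servlet.forward.request_uri");
        String target = chooseLoginPage(original, req.getContextPath());
        res.setHeader("Cache-Control", "no-store"); // do not cache login forms
        req.getRequestDispatcher(target).forward(req, res);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // A POST to a protected resource also lands on the login page.
        doGet(req, res);
    }

    // The forward target is always one of the constants above; nothing
    // taken from the request is ever used as a dispatcher path.
    static String chooseLoginPage(String originalUri, String contextPath) {
        if (originalUri == null) {
            return DEFAULT_LOGIN; // login page requested directly
        }
        String path = originalUri.startsWith(contextPath)
                ? originalUri.substring(contextPath.length())
                : originalUri;
        if (path.equals("/admin") || path.startsWith("/admin/")) {
            return ADMIN_LOGIN;
        }
        return DEFAULT_LOGIN;
    }
}
```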