Ouch... you said a curse word.... "Upgrade".... :-) I know I've needed to do it for a long time now... I'm still on 5.5. But if it ain't broke.... You've at least given me a good excuse to dive in and upgrade to get this login feature. Before I start, any words of advice for migrating? Should it be relatively painless (e.g. install, copy current server.xml, and go?) or is this something I'd better allocate a few days for?
Thanks. Jerry On Thu, Dec 1, 2011 at 8:53 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jerry, > > On 12/1/11 9:30 PM, Jerry Malcolm wrote: > > I have been using form-based auth for several years. I understand > > the challenge concept where TC puts up the pre-defined login page > > when the first page requiring auth is requested. But I have a > > slightly different situation. I want all of my non-protected pages > > (guest-level) to include the id/pw fields at the top of the page. > > At any time when the user chooses to go to the protected area of > > the site, they enter their id/pw and hit the login button and it > > takes them to a page in the protected area. Basically, I want to > > bypass the forced login page if the user entered an id/pw unless > > obviously the auth failed on the provided id/pw. > > > > Is there a way to 'force' provide credentials under the covers at > > the time the first protected page is requested to get the user > > signed on without the intermediate login form appearing? > > The easiest thing to do it to upgrade to Tomcat 7 which supports > servlet spec 3.0. There is a new method in the HttpServletRequest > class called "login" that takes a username and password. > > Just take the username and password from the request (in a servlet you > write yourself) and call request.login(). After that, forward (or > redirect) the user wherever you want -- some kind of "you're > logged-in" landing page. > > Hope that helps, > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk7YPZEACgkQ9CaO5/Lv0PAldwCfQ7XLKMTDwNtNpgWh7anwNUIo > P5MAnjoAsGuqxmQsv2jeg+C1gvkmLaRK > =Wvqf > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
