You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Eric Vogue <er...@yahoo.com> on 2004/04/06 17:33:18 UTC
[NEWBIE] Setting up a JDBC Realm and using RequestDispatcher
Hello,
I'm novice with Tomcat. I'm currently developing an application with access control based on forms (<auth-method>FORM</auth-method> in the web.xml) and on declarative security with a JDBC realm.
I use the MVC model with servlets redirecting to jsp pages with (forward method of a RequestDispatcher). I understand that this security model does not apply to pages accessed by means of a RequestDispatcher. Then I wouldlike to know if there is a way to implement the following workflow:
1/ The web user opens a registration form (outside the secure area) to sign-in.
2/ A servlet respond to the request on form submission, create the user data in the database (giving access to the user)
3/ The servlet redirects directly the user to a page within the "secure area" and since this page is secured, the user is automatically asked for login info (via the login form declared in the <login-config> part of the web.xml)
For the moment, what I get is: #1 and #2 are done correctly, then the RequestDispatcher send me to the secured page without asking for login.
Thanks in advance!!
Eric
---------------------------------
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
RE: [NEWBIE] Setting up a JDBC Realm and using RequestDispatcher
Posted by Daniel Huang <da...@cisco.com>.
You may want to use response.sendRedirect() at step 3.
-----Original Message-----
From: Eric Vogue [mailto:ericvogue2000@yahoo.com]
Sent: Tuesday, April 06, 2004 8:33 AM
To: tomcat-user@jakarta.apache.org
Subject: [NEWBIE] Setting up a JDBC Realm and using RequestDispatcher
Hello,
I'm novice with Tomcat. I'm currently developing an application with access
control based on forms (<auth-method>FORM</auth-method> in the web.xml) and
on declarative security with a JDBC realm.
I use the MVC model with servlets redirecting to jsp pages with (forward
method of a RequestDispatcher). I understand that this security model does
not apply to pages accessed by means of a RequestDispatcher. Then I
wouldlike to know if there is a way to implement the following workflow:
1/ The web user opens a registration form (outside the secure area) to
sign-in.
2/ A servlet respond to the request on form submission, create the user data
in the database (giving access to the user)
3/ The servlet redirects directly the user to a page within the "secure
area" and since this page is secured, the user is automatically asked for
login info (via the login form declared in the <login-config> part of the
web.xml)
For the moment, what I get is: #1 and #2 are done correctly, then the
RequestDispatcher send me to the secured page without asking for login.
Thanks in advance!!
Eric
---------------------------------
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org