You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Drasko Kokic <dr...@yahoo.com> on 2001/02/12 18:30:33 UTC
RequestIntercepter, Authentication & Login Form
Hi again,
I have finished an implementation of the SingleLogin
infrastructure protecting the whole heterogene multi
site portal using RequestIntercepters and Servlet API
2.2 container based security.
There are still two issues I would like to understand
better:
1. The URI to the login page is specified relative to
the container. Why are we not able to configure this
page with an absolute URL so that another host could
be used as an authentication site?!
2. The authorise methode of the RequestIntercepter is
being invoked for both protected pages as well as
after submiting the username and password on the login
page. I would need to do two different things
depending from where the call comes (eg. check
username/password if from login otherwise check
cookie). How can I detect in the authorise methode if
the methode is being invoked after submiting
username/password on the login page?!
TIA
Drasko
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/