6 messages in org.apache.tomcat.usersRE: Form Based Authorization Question| From | Sent On | Attachments |
|---|---|---|
| David Haraburda | Jan 9, 2001 3:40 pm | |
| Michael Wentzel | Jan 10, 2001 4:08 am | |
| David Haraburda | Jan 11, 2001 3:07 pm | |
| Craig R. McClanahan | Jan 11, 2001 3:23 pm | |
| David Haraburda | Jan 11, 2001 4:25 pm | |
| Craig R. McClanahan | Jan 11, 2001 4:36 pm |
| Subject: | RE: Form Based Authorization Question | |
|---|---|---|
| From: | Michael Wentzel (Mich...@aswethink.com) | |
| Date: | Jan 10, 2001 4:08:31 am | |
| List: | org.apache.tomcat.users | |
I am implementing the Java Servlet Form based login mechanism in my web application, and had a question. Is it possible for me to have a "default location" that a user goes to when they login? In many instances, a user will go directly to the login JSP, rather than requesting a web resource first (which then causes Tomcat to display the login page, and then redirect back to the resource after authentication). If they haven't requested a resource, I'd like the login to take them to their "home" (different roles have different homes in my application). The only way I see right now is to check and see if session.getAttribute( "tomcat.auth.originalLocation" ) is null, but that seems rather naughty... is this the only way of doing it. I have written my own Realm object (that extends BaseInterceptor) for authentication/authorization purposes. Could something be done in there?
One solution to to check the referring document and see if it's a valid one otherwise go to default for user determined from database.
--- Michael Wentzel Software Developer <A HREF="http://www.aswethink.com">Software As We Think</A> <A HREF="mailto://went...@aswethink.com">Michael Wentzel</A>