Can anyone suggest a way to implement non-lazy (active) form-based authentication? I'd like to let the container manage access to protected resources, while giving the user the option to log in without accessing a protected page.
I would set form-based authentication as usual (logon pages and web.xml settings) and provide an authentication page I can optionally include with an iframe tag in every page (or include, tile, etc.)
In this way if you are not logged on and try to access a protected resource, the web container will force you to log in. And in every page you visit you have the option to log in.
The iframe that shows the logon form in every page should be processed only if the user is not logged on.
Hope this help you.
The problem is that I cannot post directly to j_security_check -- I get error 400: Invalid direct reference to form login page.
I'm not sure, but I think this could one of this:
- your web.xml doesn't have the appropiate tags for handling form-based auth, or the pages from wich you try to log in are not the ones mentioned in this file:
I don't know if the page mentioned here is the only one from wich you can call j_security_check
- your servlet container is broken, or doesn't has the appropiate libraries
I have set up f.b.a. with tomcat 5 bundled in jboss 3.2.5 and it was very straighforward.
Hope you crack it.