Active form-based authentication


Web tier: servlets, JSP, Web frameworks: Active form-based authentication

  1. Active form-based authentication (3 messages)

    Can anyone suggest a way to implement non-lazy (active) form-based authentication? I'd like to let the container manage access to protected resources, while giving the user the option to log in without accessing a protected page.

    Threaded Messages (3)

  2. Active form-based authentication[ Go to top ]

    I would set form-based authentication as usual (logon pages and web.xml settings) and provide an authentication page I can optionally include with an iframe tag in every page (or include, tile, etc.)
    In this way if you are not logged on and try to access a protected resource, the web container will force you to log in. And in every page you visit you have the option to log in.
    The iframe that shows the logon form in every page should be processed only if the user is not logged on.

    Hope this help you.
  3. Active form-based authentication[ Go to top ]

    The problem is that I cannot post directly to j_security_check -- I get error 400: Invalid direct reference to form login page.
    Please advise.
  4. Active form-based authentication[ Go to top ]

    I'm not sure, but I think this could one of this:

    - your web.xml doesn't have the appropiate tags for handling form-based auth, or the pages from wich you try to log in are not the ones mentioned in this file:

      <realm-name>App Login</realm-name>

    I don't know if the page mentioned here is the only one from wich you can call j_security_check

    - your servlet container is broken, or doesn't has the appropiate libraries

    I have set up f.b.a. with tomcat 5 bundled in jboss 3.2.5 and it was very straighforward.

    Hope you crack it.