Hi and thanks for the reply.

Hi and thanks for the reply.
So let me see I understand.
I will use form based auth with my custom login page as usual which will be invoked when I try to access a protected resource.

Besides from that I will have a small window in each page , which appears only if the user is authenticated. Is this correct?

Also I read in some article that when posting a 'j_security_check' in a form which is not prompted by trying to access a protected resource (e.g.: in our case when trying to log in through the included window) you can get the following error: "Invalid direct reference to form login page". I did not fully understand why but would like to hear your opinion and other people who might have encountered this behavior.

thanks

-----Original Message-----
From: s.frank [mailto:s.frank@VIERUNDSECHZIG.DE]
Sent: Monday, February 16, 2004 11:08 AM
To: J2EEPATTERNS-INTEREST@JAVA.SUN.COM
Subject: Re: Custom authentication strategy

Hi,

if you setup form based authetication, you can place a login-box
wherever you want, something like

<% if (request.getRemoteUser()!= null){%>
<form method="POST" action="j_security_check">
Name:<input type="text" name="j_username" ><br/>
Password:<input type="password" name="j_password"><br/>
<input type="submit" name="submit" value="log me in!"><br/>
</form>
<% }%>

which, if successful, takes you back to the page containing the login,
otherwise to your form-error-page. The Box only shows up, when the user
is not logged in, otherwise you can display the username.
We are using this all the time, works pretty well - for other forms of
authorization (e.g. Basic), you need to find a way to trigger the login,
maybe by some java-script, that opens up a protected ressource in a new
Window.

hope this helps
stf

Katz Guy wrote:

>  Message
>
>
>  Hi all; I have a requirement for being able to log in from any page.
>  I still want my solution to benefit from the container security
>  services. However, the container will prompt the login page only for
>  protected resource and many of my resource are not protected but I
>  would still like to be able to login from those pages
>
>  What are my options here? Any thoughts will help Thanks.
>
>  ====================================================================
>  Companion Site: http://www.corej2eepatterns.com J2EE BluePrints:
>  http://java.sun.com/blueprints/corej2eepatterns List Archive:
>  http://archives.java.sun.com/archives/j2eepatterns-interest.html
>  Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to
>  listserv@java.sun.com

====================================================================
Companion Site: http://www.corej2eepatterns.com
J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns
List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html
Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to listserv@java.sun.com
______________________________________________________________________
  This email message has been scanned by PineApp Mail-Secure and has been found clean.

==================================================================== Companion Site: http://www.corej2eepatterns.com J2EE BluePrints: http://java.sun.com/blueprints/corej2eepatterns List Archive: http://archives.java.sun.com/archives/j2eepatterns-interest.html Unsubscribing: email "signoff J2EEPATTERNS-INTEREST" to listserv@java.sun.com