Hi Yoav Shapira,

Thanks for the reply. I know my question is client based, but I thought the
web.xml might have an option to specify target="_self" or something similar,
for the login.jsp (that should be theoretically poss.?) woops.

as regards mailing list, I have v. little xp with lists (at all) , and am
not honestly sure how they work.
I joined the list <tomcat-user-digest-subscribe@(protected)
I thought then I would get an email to which I could post to (this email was
not in this list either as far as I could see).

In addition on this Tomcat website about mailing lists
http://jakarta.apache.org/site/mail2.html#Tomcat I could not find reference
to tomcat-user@(protected)

Do I need to be registered (somehow- either digest or high traffic) to post
questions to this list?


regards
Ben





-----Urspr�ngliche Nachricht-----
Von: Shapira, Yoav [mailto:Yoav.Shapira@(protected)]
Gesendet: Montag, 17. Mai 2004 15:25
An: Tomcat Users List; ben.bookey@(protected)
Betreff: RE: Tomcat security



Hi,
The declarative security options offered by the Servlet Specification, those
you refer to as the "integrated security options," have no understanding of
the client side, i.e. the browser. There is no concept of frame or browser,
so you can't do what you're asking for with these declarative security
directives.

As to finding the mailing list: I'm troubled that you found that so
difficult. Links to the mailing list are on the top apache page
(www.apache.org), top jakarta page (jakarta.apache.org), top tomcat page
(jakarta.apache.org/tomcat), both the binary and source apache download
pages (http://jakarta.apache.org/site/binindex.cgi, and
http://jakarta.apache.org/site/sourceindex.cgi), the jakarta contact us page
(http://jakarta.apache.org/site/contact.html), the home page of a new tomcat
installation (webapps/ROOT/index.jsp), and many other locations. Where did
you look or what made it difficult to find?

Yoav Shapira
Millennium Research Informatics


>-----Original Message-----
>From: Ben Bookey [mailto:ben.bookey@(protected)]
>Sent: Monday, May 17, 2004 9:12 AM
>To: tomcat-user@(protected)
>Subject: Tomcat security
>
>
>Dear List,
>I am using tomcats integrated security options, available inside the
>web.xml
>(see below). When ever the session times out and the user makes a request
>for a html/or jsp page within this protected context, appears the login.jsp
>page. My problem is that my app uses frames, and when the user makes a
>request from a sub-frame the login page shows in this sub-frame window. Is
>there a simple way to configure in the web.xml, that the login.jsp page
>always is shown
>in the parent frame of the browser or document, so causing the whole window
>to be reloaded. I guess there isnt and I must do some jscript, or fiddle
>around
>with html. I would be extremely impressed if there would be a web.xml
>solution.
>
>regards
>BB
>p.s. It was very hard to find as Newbie, the email address to post this
>mail
>to!!
>
>+-------------------------------------------------------------------+
>| GIStec GmbH - Ihr Partner f�r GIS - Technologie             |
>|                                             |
>| Ben Bookey                                     |
>| Ben.Bookey@(protected)       |
>| Tel      0 61 51 / 155 - 254     D-64283 Darmstadt       |
>| Fax      0 61 51 / 155 - 259     http://www.gistec-online.de |
>|                                             |
>| http://www.ingeoic.de         http://www.geo-watermarking.de |
>+-------------------------------------------------------------------+
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>For additional commands, e-mail: tomcat-user-help@(protected)




This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential, proprietary
and/or privileged. This e-mail is intended only for the individual(s) to
whom it is addressed, and may not be saved, copied, printed, disclosed or
used by anyone else. If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the
sender. Thank you.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)