• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Can I have j_security_check in two login.jsp

 
Chelis Flores
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all.
Anybody knows if I can have 2 login.jsp with <form action="j_security_check" method="post"> in the same application?

I have two roles in my aplication and I need to show a diferent login.jsp page for each. How can I do to have 2 login.jsp pages and send to respect index.jsp page. Does it can be possible?

thanks a lot!
 
Chelis Flores
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
this is not a JSP question!!!
is a Security question!!
if I can access with j_security_check with two diferent login.jsp pages to the same <security-constraint> configuration

thanks!
 
Michael Ku
Ranch Hand
Posts: 510
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No
When you place a <login-config> tag in your web.xml file and indicate FORM as your <auth-method> you only get one entry for your <form-login-page> tag
[ August 28, 2007: Message edited by: Michael Ku ]
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Chelis Flores:
I have two roles in my aplication and I need to show a diferent login.jsp page for each.

This doesn't make sense. You don't even know which role a user is in until she logs in. So how can you show a different login page based on role, when you don't even know what role the user has yet?
 
Chelis Flores
Greenhorn
Posts: 16
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Michael and Merrill
I could resolved my problem, I need to have two distint login.jsp pages because I authenticate the user and the administrator roles at the same LDAP, but the interfaces both of them must to be distinct.
I resolved putting two JSP pages with <j_security_check> one for the mortal user and another for the administrator and the web.xml in the <welcome-file-list> tag put a JSP (redirect.jsp) page that both roles have access, then in the redirect.jps ask about the role and redirect to the respective index.jsp.
Of course in the <form-login-page> I have the login interface for the user role and the Administrator role have to capture the URL to access to his login.jsp page but it is not problem.
And now my questions is, Is it correct to do? I could resolve my problem but I don�t know if is a good practice.
Thanks all
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic