-
1. Re: Multiple Wars Sharing a Login Page
jamesc1 Nov 1, 2011 3:45 PM (in response to jamesc1)This was the solution I went with if anyone later is interested.
I extended the standard FormAuthenticator class and overrode the methods forwardToLoginPage and forwardToErrorPage. These two methods use a RequestDispatcher in order to forward the request to the login page. The problem is that it forwards the page within the current context and does not go outside of the context. I discovered that you can forward outside of the current context by using the ServletContext.getContext(String uri) method to acquire the context that the login page resides in. So I simply changed
{code}
RequestDispatcher disp = this.context.getServletContext().getRequestDispatcher(config.getLoginPage());
{code}
to
{code}
RequestDispatcher disp = this.context.getServletContext()
.getContext("/myLoginPageContext")
.getRequestDispatcher("/myLoginPage.jsp");
{code}
Two small things to note. First is that anything linked to inside myLoginPage.jsp must contain the whole path not just the name. For example
{code:xml}<img src="/myLoginPageContext/logo.jpg" />{code}
Second, is that if you do not include an entry for form-login-page and form-error-page in the web.xml then the FormAuthenticator will crash while attempting to compare the requestUri with login page's uri. I didn't want to bother putting the path in every web.xml or worry about changing them all later in the event the path to the login page changes so I overrode the Invoke method inside my new FormAuthenticator set the loginConfig to the paths I already defined in the class and used in the previously mentioned methods.
Well that was it. If anyone comes across this and sees an immediate problem in security by doing this please let me know. If not then maybe it'll help someone else trying to do this later.