>
> If you're using the container based FORM auth, you should just bundle
> the login.jsp with each WAR.
Thanks, but the login page is a little more complicated than that, so I
can't really drop it in. I'd be including a huge chunk of the "user" war
file. What we do in the other apps is have a login link that points to a
page "x" in user.war and passes a uri param (not real names, but
illustrative). This page "x" has a security-constraint that forces the
real login.jsf, and once the user is logged in it goes on to /user/x,
and this page can forward back to the original page the user was on or
do some other work in some circumstances.
>
> Here's the horrible scenario.
>
> Actually, forget it...[...]
Heh heh. I was hoping maybe there was some trick I wasn't thinking
about, but it sounds like you're confirming that I can't do this
directly. My backup is to remove the protected pages in my war file
(there are only a couple) and insert some logic into them to check for
an authenticated user and, if not, redirect to the /user/x page above
which ought to return to them. A little more work, but doable.
Thanks,
Bobby