Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

j_security_check

 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

When we post j_username and j_password to j_security_check, how does it actually verify the username password?

I have a web application in which login.jsp is implemented with above mechanism. all username and passwords are stored in the SQL server. It runs on JBOSS. Now when I post the data in login.jsp it should reach to some code which validates username/pwd in the sql server. but i am not able to locate that code in my project. (Project was supplied by somebody else!)

can any one help where should I look?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
(I think you'd better ask this in the JBoss forum.)

You should check login-config.xml.
[ January 05, 2006: Message edited by: Satou kurinosuke ]
 
MI Mohammed
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi dilip,
You have to check the JBoss documentation. Different web container implements security in different ways when it comes to using a RDBMS to authenticate and authorize users. I used Tomcat for my exam and practice. In Tomcat, the design of your user table must follow a specified format. I am sure if you check properly, you should find examples on how to go about it.

Cheers. hope it helps.


SCJA SCJP SCWCD SCBCD prog....
 
vipul patel
Ranch Hand
Posts: 146
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Mohammed,

Thanks for your reply. But Still doubt. Consider my scenario. I have a database table in SQL Server with following structure. It keeps user authentication information. here USERPASS is encrypted.

Table Name: UM_USER_FORJAAS

USERID varchar24
USERPASS varchar50
CREATED_BY varchar24
CREATED_ON datetime8
PASSWORD_MODIFIED numeric5
MODIFIED_ON datetime8


Now there are all sort of user management methods (for example delete/add/change password/add role etc.) implemented in a Session Bean.

My Login.jsp is very much standard and uses j_security_check as action element value and j_username & j_password fields.

My doubt is when we submit the form to j_security_check how it goes and validate users from the database?

I looked in jboss. couldn't find a clue

Please clear my doubt.

thanks in advance.
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The "j_security_check" target is a special name, whose meaning is defined in the servlet spec (which you should read to get a better understanding of what's going on). It indicates to the servlet engine that it should use the j_username and j_password values to perform an authentication check. That is not JBoss- or Tomcat-specific. What is specific to a servlet engine is how the authentication is done. For Tomcat, that's defined in the server.xml file, for JBoss apparently in something called login-config.xml. But since that is totally dependent on the server you use, I can't imagine that it would be part of a certificate exam.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic