
using j_security_check

 
Felipe Reis
Greenhorn
Posts: 20
Hi,

Is there a way to use j_security_check before the user requests a constrained resource?

I want the login text fields and submit button to be on my main page, so the user can log in whenever he wants. And if the login is successful, I want the private information to appear on the page.

Sorry, but I only know the basic security mechanism: when the user requests a constrained resource, he is prompted for a username and password, then gets the resource he asked for in the first place.

I've tried to simply put this form in the main page:



but I guess it is not that simple, because I got an error.
 
David O'Meara
Rancher
Posts: 13459
Depending on the container, you can use an internal call to log in the user, but the mechanism is different on each server. E.g. on WebSphere it is (or was) via the SSOAuthenticator; I have never found out how to do it in Tomcat.

The other way would be to find out how the container retains the destination location, intercept the security check and set the destination for afterwards. I think.
 
Felipe Reis
Greenhorn
Posts: 20
Thanks David,

but that didn't help me at all. What do you mean by retain the destination location?
And is j_security_check the only way to implement login and security?
 
David O'Meara
Rancher
Posts: 13459
With form based security:

1 - the unauthenticated user requests a secured resource (I called it the destination location)
2 - The container redirects them to the login screen, which posts to j_security_check
3 - If this passes, the container sends them to the destination.

In my first example, you can plug step 2 directly into the front page, but once they log in the container doesn't know where to redirect.

For your second question about other ways, yes there are other security mechanisms besides form based. In my second example, you can still use form based authentication and a login on the front page, but you post to your own form rather than the j_security_check. Now you have the user's name and password in your servlet but you need to authenticate them with the container. Some containers provide a way to pass the username and password directly, but it is different in each container. After this, you can redirect them anywhere you want.
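
The second approach described above (post to your own servlet, then authenticate with the container), as an added example that is not part of the original thread. It assumes a Servlet 3.1+ container, where `HttpServletRequest.login()` is a standard call (use the `jakarta.servlet` packages on newer containers); the `/login` mapping, `/index.jsp`, and the `username`, `password` and `target` parameter names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: the front-page form posts here instead of to j_security_check.
// "/login", "/index.jsp" and the parameter names are hypothetical.
@WebServlet("/login")
public class FrontPageLoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            // login() throws if a user is already authenticated, so check first.
            if (req.getUserPrincipal() == null) {
                // Validates the credentials against the container's configured realm.
                req.login(user, pass);
            }
            // Issue a new session id after authentication (session fixation defence).
            req.getSession(true);
            req.changeSessionId();
        } catch (ServletException e) {
            // One generic failure path: do not reveal whether the user exists.
            resp.sendRedirect(req.getContextPath() + "/index.jsp?loginFailed=1");
            return;
        }
        // The container did not record a destination, so the application picks one.
        resp.sendRedirect(req.getContextPath() + safeTarget(req.getParameter("target")));
    }

    // Accept only a local path; anything else falls back to the front page,
    // so the login form cannot be abused as an open redirect.
    static String safeTarget(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")
                || target.contains("\\") || target.contains("://")
                || target.contains("\r") || target.contains("\n")) {
            return "/index.jsp";
        }
        return target;
    }
}
```

The form on the front page should be served and submitted over HTTPS, since the credentials now pass through application code rather than only through the container's own login page.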
 
Emanuel Kadziela
Ranch Hand
Posts: 187
You can use a filter or an interceptor. You can build one or use some off-the-shelf one like acegi.
 
Felipe Reis
Greenhorn
Posts: 20
Thanks for the tips guys, I'll do some tests here.
 