• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

jsp login

 
Ranch Hand
Posts: 386
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have taken following example from http://publib.boulder.ibm.com

How does the request understand, which server to go to , when we have provided ACTION="j_security_check" ? Dont we need server name to send a rewuest to ? If username and password are stored in database, connection to database is taken care of by j_security_check ? If not, the how is security check performed in that case ?

How does redirection to another webpage take place , when we are using j_security_check ?

 
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As container-based security is part of the Servlet Specification, not JSP, this has been moved to the Servlets forum.
 
Bear Bibeault
Sheriff
Posts: 67746
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have you checked to see what the Servlet Specification has to say on the matter?
 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This login page is meant to work for JAAS.
Once you configure your server for JAAS authentication you should have the following values and you cannot change them:

if the authentication method is form then the action of the form shoud be j_security_check
the username field name should be:j_username
the password field name should be: j_password

changing anything in the above values the authentication will not work.

As for the redirection it is configured in the web.xml in the following tag:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.do</form-login-page>
<form-error-page>/loginRetry.do</form-error-page>
</form-login-config>
</login-config>

anyway for more details about JAAS go to this link:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
 
Ranch Hand
Posts: 1514
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is what I know - j_security_check is a kind of target built into a web application container. So, how it's actually implemented is container specific. However, the URL that causes the login page to be invoked is probably stored somewhere, and then the login is successful, the user is redirected to the stored URL.
 
Charbel Keyrouz
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes exactly, once you configure your jaas authentication this url will be active.
 
So you made a portal in time and started grabbing people. This tiny ad thinks that's rude:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic