• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

authentication with out using j_security_check

 
Jeremy Wilkinson
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to authenticate a user after they register on my site with out having to send them to a login page. Is there a way to take the user id and password from my registration form and use that to authenticate the user instead of using the j_security_check action.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No (or not with the standard Realms, anyway), and I meditated on that for a long time when I first realized that.

However, there's a good reason to force login after registration. Two of them, actually, although I suspect there's more if one has to do with especially evil-minded hackers.

1. Forcing an explicit login ensures that the user entered the correct credentials. Otherwise you'd create an account, do your thing and come back in a week or 2 (YMMV) and not be able to login again because you'd botched something and didn't know about it. If you get an immediate usage of the login, you're more likely to be in a position to correct it, especially if you were already in contact with a support person.

2. By forcing an immediate login, the system helps cement the new credentials into the user's head. Memory reinforcement by repetition. Your desktop support people will probably be grateful, and speaking as a user, I've decided that it's actually kind of helpful, since I do frequently end up cooking up IDs and passwords off the top of my head.

In other words, it may be more inconvenient, but it's likely to reduce support issues. And it's not a lot inconvenient, when all's said and done.

Incidentally, in container-managed security, you don't "send" a user to a login page. Container-managed security secures application pages. If a page requires an authenticated user, it will front that page with a login demand. If the page doesn't require an authenticated user, it won't.

This is where a lot of the DIY systems fail. They assume that the only way a user will get to a page is via the approved route.
 
Jeremy Wilkinson
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the info. I will keep it the way it is which is requiring users to login after they complete the registration process.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic