• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

authentication with out using j_security_check

Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to authenticate a user after they register on my site with out having to send them to a login page. Is there a way to take the user id and password from my registration form and use that to authenticate the user instead of using the j_security_check action.
Saloon Keeper
Posts: 22483
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No (or not with the standard Realms, anyway), and I meditated on that for a long time when I first realized that.

However, there's a good reason to force login after registration. Two of them, actually, although I suspect there's more if one has to do with especially evil-minded hackers.

1. Forcing an explicit login ensures that the user entered the correct credentials. Otherwise you'd create an account, do your thing and come back in a week or 2 (YMMV) and not be able to login again because you'd botched something and didn't know about it. If you get an immediate usage of the login, you're more likely to be in a position to correct it, especially if you were already in contact with a support person.

2. By forcing an immediate login, the system helps cement the new credentials into the user's head. Memory reinforcement by repetition. Your desktop support people will probably be grateful, and speaking as a user, I've decided that it's actually kind of helpful, since I do frequently end up cooking up IDs and passwords off the top of my head.

In other words, it may be more inconvenient, but it's likely to reduce support issues. And it's not a lot inconvenient, when all's said and done.

Incidentally, in container-managed security, you don't "send" a user to a login page. Container-managed security secures application pages. If a page requires an authenticated user, it will front that page with a login demand. If the page doesn't require an authenticated user, it won't.

This is where a lot of the DIY systems fail. They assume that the only way a user will get to a page is via the approved route.
Jeremy Wilkinson
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the info. I will keep it the way it is which is requiring users to login after they complete the registration process.
straws are for suckers. tiny ads are for attractive people.
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
    Bookmark Topic Watch Topic
  • New Topic