• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

redirect from external page to tomcat 4 with forms based authentication

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am following the Tomcat forms based authentication and I it is working for me through an external PreLogin.jsp page I have.

PreLogin.jsp:
<html>
<head><title>Please Log In</title>
<body>
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>
</body>
</html>


changes to web.xml:
...
...
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Worldwide Express</realm-name>
<form-login-config>
<form-login-page>/PreLogin.jsp</form-login-page>
<form-error-page>/LoginErr.jsp</form-error-page>
</form-login-config>
</login-config>
...
...

What is not working for me: I want to be able to have an external page outside of my applications context where I can take the login info (username and password) and using that login to tomcat. Can anyone please tell me if this is possible?

Thanks in advance.
 
Ranch Hand
Posts: 433
Netbeans IDE
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you mean something like this?
 
Saloon Keeper
Posts: 28477
210
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You cannot invoke j_security check directly, only provide it on a page designated on a page defined in web.xml as the login or loginfail page. There are reasons for this.

You cannot pass in a userId and password from an external URL request except in response to the login/loginfail pages. There are reasons for that at well.

You CAN, however, setup a Single Signon security Realm whereby logging into any app that participates in that realm logs you in to all applications in that realm so that you only have to login once instead of logging into each application separately.
 
harmeet singh bawa
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks guys. I was able to take it a step further. this is where I stand now. I have tomcat 4.1 running on a windows machine with my app using forms based authentication in tomcat. I created an html page that I placed on my drive outside of the context of my app in tomcat.

<html>
<head>
<title>Please Log In</title>
</head>
<body>
<iframe src="http://localhost:8090/wwxchange" width="300" height="150">
</iframe>
</body>
</html>

With the use of an iframe I was able to accomplish what I wanted initially, but only partially. This is redirecting to my PreLogin.jsp page that I posed before and it all works good. Next step, I tried placing this html page on another machine in the network and in that case tomcat exhibits a strange behavior where it fails to login on the first attempt. Instead it redirects back to the PreLogin.jsp page asking for the login again. It almost behaves like tomcat is not able to authenticate the user this way. But when I dont do anything and just click on to login with the sme credentials I proveded before, it logs in successfully.

One change I made to the PreLogin.jsp page:
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' target='_new'>

Tried to open the app in a new window apart from the html page.

Is there something I am missing out here?

Thanks again.
 
But how did the elephant get like that? What did you do? I think all we can do now is read this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic