This week's book giveaway is in the Android forum.
We're giving away four copies of Learning Java by Building Android Games and have Jean-Marcel Belmont on-line!
See this thread for details.
Win a copy of Learning Java by Building Android Games this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • Devaka Cooray
Saloon Keepers:
  • Ganesh Patekar
  • Tim Moores
  • Carey Brown
  • Stephan van Hulst
  • salvin francis
Bartenders:
  • Ron McLeod
  • Frits Walraven
  • Pete Letkeman

j_security_check Action Query  RSS feed

 
Ranch Hand
Posts: 362
2
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In my project, I found below post action for login page:

<form id="loginform" method="post" action="/ciscso/j_security_check">


But, I didn't find any corresponding action in the code. Can you please guide me how j_security_check works? We are using Websphere as our application server.
 
Ranch Hand
Posts: 48
Eclipse IDE Fedora MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You can use the following link to get a detailed idea. They have pointed out the things very well

IBM Knowledge Center - Customizing Web application login

Thanks for asking.
 
Bartender
Posts: 19801
93
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is the JEE standard container-managed security system. There is no application code to handle j_security_check because that code is in the server itself (WebSphere in your case) and is pre-written, pre-debugged and the actual code is not visible nor modifiable by the application programmer.

In fact, most JEE webapp servers implement security Realms which are a set of plug-compatible authenticators to be used by the server's j_security_check code. Popular ones include jdbc lookups of userid/password, LDAP lookups, and others. You can usually even write your own, although this is not a "login" function, just a class that contains a method whose arguments are the incoming user ID and password and returns a true/false indication of whether the credentials were valid. Sometimes the Realm implementation may also construct a working-storage object that holds session-related security data (the UserPrincipal), but it never actually "logs you in". Only the webapp server can do that.

You cannot explicitly send people to a page with j_security_check on it. If you do, the webapp server will not be in the proper state to process it as a login. Instead, you set up the web.xml with URL security patterns and if a user is not logged in but has requested an URL matching one of those patterns, the server will intercept the request and redirect them to the login page. Once the user has successfully logged in, the original request continues. The web application is completely unaware that a login occurred. There's no such thing as a JEE "login event.".
 
Vaibhav Gargs
Ranch Hand
Posts: 362
2
Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thank you Saurabh and Tim.

Here, we provide our username and passowrds and it works fine. I want to understand where the LDAP is configured to be used for authentication/authorization.
 
Tim Holloway
Bartender
Posts: 19801
93
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You set up your LDAP authentication using the WebSphere administration webapp. However it has been several years since I've done that, so I don't remember details.

One thing I do remember, however, is that the security management in WebSphere can be a bit hard to understand, so if you can get IBM to help you, I recommend it.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!