• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Manually authenticating a user

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This might be a ridiculously easy question...

I need to authenticate a user in jboss and add that to the request. We are using FORM based container managed login right now, but there has to be some pre/post processing which I can't seem to do/add to the form based login.

Anyone have some hints for me?

thanks in advance.
 
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

but there has to be some pre/post processing which I can't seem to do/add to the form based login.



Could you please explain what pre/post processing you are considering? That might help us in understanding whether, what you are trying to do is possible with FORM based authentication.
 
Joe Sal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sure, I was thinking of adding some cookie/login authentication. So pre-form, if a cookie is available would prefill the login form with some information, post-form if they select the "remember me" checkbox, would build the cookie for the user.

I've been looking at this for the last 2 days and it seems that you can't really catch the FORM based authentication (ie, the action of the form going to "j_security_check"). The problem I have is that the app has been up and running for a while and I need the container management security stuff (eg, all the roles).

does anyone have some general advice on which way I should be heading?
 
Jaikiran Pai
Sheriff
Posts: 10445
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
This is what you could do:

1) Configure a jsp (lets say login.jsp) in the web.xml for FORM based authentication
2) Let's assume you want to secure a resource named admin.jsp
3) So whenever some unauthenticated user tries accessing admin.jsp, he will be redirected by the server to login.jsp.
4) The login.jsp (might use some javascript) to check whether the Remember Me was selected and if yes then pick up the login information from some cookie. It will then submit the form in login.jsp (using form.submit through javascript) to j_security_check action. Once this is done, the flow would follow the normal course.

Is this what you are looking for?

Disclaimer: I am not good at the security related stuff and haven't tried this personally
 
Joe Sal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No worries

After a few days of really large amounts of frustrating, I have it somewhat working. The real problem was that I wanted to do post-processing from the form but apparently tomcat handles the j_security_check and it won't go through the channels you would expect.

For those looking to extend their form based login, I would suggest looking at either jguard (jguard.sourceforget.net) or securityfilter (securityfilter.sourceforget.net).

I ended up using securityfilter. The only bad thing is that you have to write up the realm and role validation (or maybe not depending on what you are doing). But after that, there were no other changes required! I didn't have to change any of the role management, etc. This opens up quite a few other things...

Hope this helps someone, and saves 2 days. Save it for a fun day

Joe
 
girl power ... turns out to be about a hundred watts. But they seriuosly don't like being connected to the grid. Tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic