• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

j_security_check - How Does It Verify Information

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have some very basic questions relating to j_security_check in FORM based authentication.

For this eg:

<form method="POST" action="j_security_check">
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>

Once the information is entered,it is supposed to use j_security_check to verify the information entered but where is the authentication being performed(how does the validation work) and what exactly does action=j_security_check do(does this action invoke some file?).

One more thing,I don't understand how the role names are mapped to the actual user names.I'm following the example on the site: http://radio.weblogs.com/0132383/stories/2004/04/23/usingFormBasedAuthentication.html

Or for that matter in any case of form based authentication,are the roles defined in the web.xml file?If yes,then where are the users of this role defined?And again,how is the information that I enter verified against the information in the database.

One last thing,when I was executing the example mentioned on the earlier website,the system gave me the following 500 servlet exception.Any idea what this means?
javax.servlet.ServletException: No forwarding URI for form authentication.Either the login form must specify j_uri or the session must have a saved URI.
[ November 18, 2004: Message edited by: aston endreasa ]
 
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Im trying to find the same info. How exactly j_security_check works, where is it ... what servlet is it using , where are the conf files etc. ...
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Section 12.5.3 of the Servlet 2.4 specification tells all about form-based login. j_security_check is a special target built into a web app container, not a specific servlet.
Check the Tomcat FAQ for some general info on how to set up web app security.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic