I have a web application that is using j_security_check. (I have a login page, and login module and everything works fine). I have another application (Swing), that can invoke the web application. Since the user was already authenticated & authorized when entering the swing application there's no need to launch the web application login page again.
I want that when the application is open as a stand alone application (opening a browser and typing the URL), the login page will be loaded (like today). But when it is launched from the web application I want to skip the login page.
How can I call the j_security_check and pass it the username & password directly from the Swing application?
I tried openning a page that includes the following:
Assuming you're using an HttpUrlConnection to access the web app from your Swing client, you can set the authentication header directly, as is described here. It works the same way for all Java clients, not just applets.
I was trying to open a browser using the following URL:
The parameters that I passed are corerct (I managed to decrypt the given password in the login module).
But I got HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser
Why didn't it work?
Joined: Mar 22, 2005
What are you trying to prove or find out by doing this in the browser?
Joined: Jan 19, 2006
This is the URL that I'm passing when opening the browser from my rich client application. This is what I'm trying to do: Open my web client application from a rich client application, and I want to skip the login page by passing the user name & password that I got from the rich client application.
So instead of opening a browser with the URL: http://localhost:8080/EM/ (which will open the login page), I'm trying to pass the parameters to the j_security_check.
I'm really lost here, please help... Thanks, Efrat
Joined: Mar 22, 2005
Now I understand - by "I have another application (Swing), that can invoke the web application." you meant that the Swing app opens a web browser and points that to the web app, not that the Swing app actually accesses the web app.
It might be possible that the j_security_check thing only works with POST, not GET (which it would be through the browser URL). You could use a tool like LiveHTTPHeaders (a Firefox extension) to check what HTTP actually gets sent over the wire. Thta may give you a clue what's different when you try it from the Swing app.
subject: How to use j_security_check directly (skip the login page)?