File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes How to use j_security_check directly (skip the login page)? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "How to use j_security_check directly (skip the login page)?" Watch "How to use j_security_check directly (skip the login page)?" New topic
Author

How to use j_security_check directly (skip the login page)?

Efrat Bar-Nahum
Ranch Hand

Joined: Jan 19, 2006
Posts: 57
Hi,

I have a web application that is using j_security_check. (I have a login page, and login module and everything works fine).
I have another application (Swing), that can invoke the web application.
Since the user was already authenticated & authorized when entering the swing application there's no need to launch the web application login page again.

I want that when the application is open as a stand alone application (opening a browser and typing the URL), the login page will be loaded (like today).
But when it is launched from the web application I want to skip the login page.

How can I call the j_security_check and pass it the username & password directly from the Swing application?

I tried openning a page that includes the following:



but it didn't work...
Any idea how to do it?

Thanks,
Efrat
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41861
    
  63
Assuming you're using an HttpUrlConnection to access the web app from your Swing client, you can set the authentication header directly, as is described here. It works the same way for all Java clients, not just applets.


Ping & DNS - my free Android networking tools app
Efrat Bar-Nahum
Ranch Hand

Joined: Jan 19, 2006
Posts: 57
I was trying to open a browser using the following URL:


The parameters that I passed are corerct (I managed to decrypt the given password in the login module).

But I got
HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

Why didn't it work?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41861
    
  63
What are you trying to prove or find out by doing this in the browser?
Efrat Bar-Nahum
Ranch Hand

Joined: Jan 19, 2006
Posts: 57
This is the URL that I'm passing when opening the browser from my rich client application.
This is what I'm trying to do: Open my web client application from a rich client application, and I want to skip the login page by passing the user name & password that I got from the rich client application.

So instead of opening a browser with the URL: http://localhost:8080/EM/ (which will open the login page), I'm trying to pass the parameters to the j_security_check.

I'm really lost here, please help...
Thanks,
Efrat
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41861
    
  63
Now I understand - by "I have another application (Swing), that can invoke the web application." you meant that the Swing app opens a web browser and points that to the web app, not that the Swing app actually accesses the web app.

It might be possible that the j_security_check thing only works with POST, not GET (which it would be through the browser URL). You could use a tool like LiveHTTPHeaders (a Firefox extension) to check what HTTP actually gets sent over the wire. Thta may give you a clue what's different when you try it from the Swing app.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to use j_security_check directly (skip the login page)?