File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Form Based Authentication

 
Drew Lane
Ranch Hand
Posts: 296
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I pass the value of 'j_username' to the destination page when using form based authentication?
I'm also using the following hidden field:
<input type='hidden' name='j_uri' value='/update.jsp'>
So, I want the page 'update.jsp' to be able to use the value contained in 'j_username'.
Thanks,
Drew
 
Mon Mayor
Ranch Hand
Posts: 40
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set action to an intermediate page and set the attributes in session and redirect to j_security_check in there.
Hope this helps.
 
Drew Lane
Ranch Hand
Posts: 296
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Should I be using Form based authentication as the primary method for login to a web application or was this primarly meant just to protect web pages from direct access?
Drew
 
Frank Carver
Sheriff
Posts: 6920
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The built-in form based login can be used as the primary security method for an application. I tend to "roll my own" using filters these days, though. I find it more flexible.
 
Drew Lane
Ranch Hand
Posts: 296
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Could you give a simple example of using filters to log in to a web application?
I've never used filters before.
Thanks,
Drew
 
Frank Carver
Sheriff
Posts: 6920
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well, bear in mind that filters are not covered by the current SCWCD, so if you are studying for the certification you don't need to get hung up on them.
Anyway. A typical use of filters for security might map a filter to all page requests from the web application:

Then in the filter, do something like the following:
[0]is this request for the login page? if so, let it through.
[1]does a session already exist with valid credentials? if so let it through.
[2]If not, forward to the login page.
 
Maha Annadurai
Ranch Hand
Posts: 87
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We can use HttpServletRequest.getRemoteUser() method in Jsp/Servlet to capture the login name (j_username) used for authendication. A sample code could be like below.

Regards,
Maha Anna
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic