aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Form Based Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Form Based Authentication" Watch "Form Based Authentication" New topic
Author

Form Based Authentication

Drew Lane
Ranch Hand

Joined: May 13, 2001
Posts: 296
How can I pass the value of 'j_username' to the destination page when using form based authentication?
I'm also using the following hidden field:
<input type='hidden' name='j_uri' value='/update.jsp'>
So, I want the page 'update.jsp' to be able to use the value contained in 'j_username'.
Thanks,
Drew
Mon Mayor
Ranch Hand

Joined: Mar 07, 2002
Posts: 40
Set action to an intermediate page and set the attributes in session and redirect to j_security_check in there.
Hope this helps.
Drew Lane
Ranch Hand

Joined: May 13, 2001
Posts: 296
Should I be using Form based authentication as the primary method for login to a web application or was this primarly meant just to protect web pages from direct access?
Drew
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
The built-in form based login can be used as the primary security method for an application. I tend to "roll my own" using filters these days, though. I find it more flexible.


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Drew Lane
Ranch Hand

Joined: May 13, 2001
Posts: 296
Could you give a simple example of using filters to log in to a web application?
I've never used filters before.
Thanks,
Drew
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
Well, bear in mind that filters are not covered by the current SCWCD, so if you are studying for the certification you don't need to get hung up on them.
Anyway. A typical use of filters for security might map a filter to all page requests from the web application:

Then in the filter, do something like the following:
[0]is this request for the login page? if so, let it through.
[1]does a session already exist with valid credentials? if so let it through.
[2]If not, forward to the login page.
Maha Annadurai
Ranch Hand

Joined: Oct 27, 2002
Posts: 87
We can use HttpServletRequest.getRemoteUser() method in Jsp/Servlet to capture the login name (j_username) used for authendication. A sample code could be like below.

Regards,
Maha Anna
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Form Based Authentication