aspose file tools*
The moose likes JSP and the fly likes set original page for j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "set original page for j_security_check" Watch "set original page for j_security_check" New topic
Author

set original page for j_security_check

Ariffin Ahmad
Ranch Hand

Joined: Aug 16, 2001
Posts: 84
i have pages on my tomcat 4.0.2 server that protected with form-based authentication.
i notice that, if i directly do 'http://localhost:8080/j_security_check?j_username=uid&j_password=pwd' i'll get response 'Apache Tomcat/4.0.2 - HTTP Status 400 - Invalid direct reference to form login page'.
so, what should i do, so that, i can bypass the login form and go directly to the restristed page.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You either want security or you don't want security.
Why do you want to bypass the security page?
I'd recommend against doing this anyway, since you have placed the username and password fields on the URL, and even with encryption they can turn up in log files...
There are ways to perform a login from the server side, but I'm not sure how to accomplish this in Tomcat. ie if the username and password are available on the server you can lg them in without requiring the login screen.
This is useful for things like Registration pages, where you already have the username and password, but you don't want to throw them at the login screen again just so they can get security credentials - you already have all the data.
Can we get more details on why you want this, maybe there is another solution.
Dave
Ariffin Ahmad
Ranch Hand

Joined: Aug 16, 2001
Posts: 84
well, i do want a security...
and i do want a login page.
but, there will be some cases that need me to bypass the login page by only supplying username and password.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

But if you have both then you actually have neither.
Passing the username and password on the URL negates and security you have.
But that said, once you have the username and password on the server, there should be a call you can make to explicitly authenticate the user.
But I don't know what it is. I'll go have a look, but no promises.
Dave
Ariffin Ahmad
Ranch Hand

Joined: Aug 16, 2001
Posts: 84
well, it's not necessary to put the username and password in the url. i can put it in a form and then post it with "POST" method. of course i can use my normal login page but, the problem is, the login page is on another server, and that server will redirect the browser, together with the username and password to another server, which handle the authentication.
i found 1 way to get around it. i just create another jsp page and then use request.getParameter to get the username and password and store it in the session variable. and that, i use response.sendRedirect to redirect the browser to some restricted realm on the server and of course because of this, tomcat will redirect the normal login page. but, in the login page, i'll get the username and password from the session variable, and if theres any, i just use response.sendRedirect to redirect the login page to j_security_check, together with the username and password. if authenticated, tomcat will redirect me back to the original page...
the problem is, it seem quiete messy.
i hope there's a cleaner way to do this....
anyway,
thanks...
cheers.....
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

The best I could find in 5 mintes or less is from here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
and possibly has something to do with Realm.authenticate() which may allow you to authenticate the user IF you can get access to the realm.
Rather than calling j_security_check, you would write a separate login Servlet to accept the username and password, and it would also require the page you want to redirect to after authentication.
myHost:8080/MyLoginServlet?username=dave&password=bites&resource=secured.jsp
Dave
Ariffin Ahmad
Ranch Hand

Joined: Aug 16, 2001
Posts: 84
i got the idea....
thank a lots, mate......
cheers.....
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

No charge
Dave
(although there is a tip jar)
Ouardi Jamal
Greenhorn

Joined: Feb 24, 2011
Posts: 1
Hi Everybody,

My problem is that i want to auto-login to a web application which use j_security_check mechanism and for which i have the
"login,password" credentials.

So is someone knowing how to bypass this mechanism ?

thank you in advance.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: set original page for j_security_check
 
Similar Threads
j_security_check not working with flash
login page redirect
action="j_security_check"
j_security_check 'next' page?
automatic forward to URL after j_security_check