File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes FORMS authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "FORMS authentication" Watch "FORMS authentication" New topic

FORMS authentication

Tony Morris
Ranch Hand

Joined: Sep 24, 2003
Posts: 1608
I have a webapp running in a Servlet 2.4 container (Tomcat 5.0.27).
This webapp uses FORMS authentication.
The webapp also allows a user to 'create an account' by supplying their preferred username and password.

The problem is that I do not want to require the user to reauthenticate using the form after 'creating an account'. That is to say, I have a username, a password and an unauthenticated user. Is it possible to authenticate this user automatically in a container-standard manner?

I have had various ideas:
- using a RequestDispatcher to forward the request to "j_security_check".
This would require me to set the javax.servlet.forward.request_uri request attribute - but this sounds 'hacky'.
- Manually perform the same actions that a FORMS login performs (set a session attribute? I can't find anything 'concrete' in the specification)

I figure that this problem has occurred before, so I'm looking for a robust solution - advice is appreciated.

Tony Morris
Java Q&A (FAQ, Trivia)
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Unfortunately it looks like this feature was missed fomr the spec, it is often available but is container specific. WebSphere uses a class called the SSOAuthenticator, and I wasn't able to find a way to do it in Tomcat last time I looked, but that was several versions ago.

Hope this helps in some small way.
Tony Morris
Ranch Hand

Joined: Sep 24, 2003
Posts: 1608
Thanks for the reply.
For anyone interested, I seem to have found a container-independant solution:
I agree. Here's the link:
subject: FORMS authentication
It's not a secret anymore!