Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

FORMS authentication

 
Tony Morris
Ranch Hand
Posts: 1608
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a webapp running in a Servlet 2.4 container (Tomcat 5.0.27).
This webapp uses FORMS authentication.
The webapp also allows a user to 'create an account' by supplying their preferred username and password.

The problem is that I do not want to require the user to reauthenticate using the form after 'creating an account'. That is to say, I have a username, a password and an unauthenticated user. Is it possible to authenticate this user automatically in a container-standard manner?

I have had various ideas:
- using a RequestDispatcher to forward the request to "j_security_check".
This would require me to set the javax.servlet.forward.request_uri request attribute - but this sounds 'hacky'.
- Manually perform the same actions that a FORMS login performs (set a session attribute? I can't find anything 'concrete' in the specification)

I figure that this problem has occurred before, so I'm looking for a robust solution - advice is appreciated.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unfortunately it looks like this feature was missed fomr the spec, it is often available but is container specific. WebSphere uses a class called the SSOAuthenticator, and I wasn't able to find a way to do it in Tomcat last time I looked, but that was several versions ago.

Hope this helps in some small way.
Dave
 
Tony Morris
Ranch Hand
Posts: 1608
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the reply.
For anyone interested, I seem to have found a container-independant solution: http://sourceforge.net/projects/securityfilter/
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic