I have a webapp running in a Servlet 2.4 container (Tomcat 5.0.27). This webapp uses FORMS authentication. The webapp also allows a user to 'create an account' by supplying their preferred username and password.
The problem is that I do not want to require the user to reauthenticate using the form after 'creating an account'. That is to say, I have a username, a password and an unauthenticated user. Is it possible to authenticate this user automatically in a container-standard manner?
I have had various ideas: - using a RequestDispatcher to forward the request to "j_security_check". This would require me to set the javax.servlet.forward.request_uri request attribute - but this sounds 'hacky'. - Manually perform the same actions that a FORMS login performs (set a session attribute? I can't find anything 'concrete' in the specification)
I figure that this problem has occurred before, so I'm looking for a robust solution - advice is appreciated.
Unfortunately it looks like this feature was missed fomr the spec, it is often available but is container specific. WebSphere uses a class called the SSOAuthenticator, and I wasn't able to find a way to do it in Tomcat last time I looked, but that was several versions ago.