j_security_check, Please help.

How do i call this action programatically? I already have a login method in my action class, I wanna call this from there.

Please help asap.'j_security_check'

You'll need to tell us which app server you're using, some of them behave slightly differently.
The short answer is that you need to set up 'declarative security' in your web application by changing settings in your web.xml

May be this will help you.

protected void postLoginInfo(String url, 
         int port, 
         String userNameToAuthenticate, 
         String userPasswordToAuthenticate) {
try {
StringBuffer result = new StringBuffer();
//Opening connection
Socket sock = new Socket(url, port);
DataInputStream inStream =
new DataInputStream(sock.getInputStream());
DataOutputStream outStream =
new DataOutputStream(sock.getOutputStream());
// posting the login info
outStream.writeBytes("POST " + url +
"/j_security_check" +
"&j_username" + userNameToAuthenticate +
"&j_password" + userPasswordToAuthenticate +
" HTTP/1.0\r\n\r\n");

// reading the responce
int length = -1;
String currLine;
BufferedReader bufferedReader = new BufferedReader(
                       new InputStreamReader(inStream));
while ((currLine = bufferedReader.readLine()) != null) {
if (currLine.length() == 0)
break;
if (currLine.toLowerCase().
                              startsWith("content-length:")) {
try {
length =
Integer.valueOf(
                                      currLine.
                                      substring(15)).
                                      intValue();
} catch (Exception ignoreMe) {
}
}
}
ByteArrayOutputStream tempBuffer;
if (length < 0) {
tempBuffer = new ByteArrayOutputStream();
} else {
tempBuffer = new ByteArrayOutputStream(length);
}
int ch;
while ((ch = inStream.read()) >= 0) {
tempBuffer.write(ch);
}

// Result response from socket is here
result.append(tempBuffer.toString());
} catch (UnknownHostException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
 
}

Hi there,

To echo what David said, Web App containers (Tomcat and others) use a form of security called 'declaritive security.' What this means is that you 'declare' a web resource (servlet or jsp) to be inside your security perimeter usally in web.xml.
If an unauthenticated or unauthorized (two different things) user attempts to access that page (by clicking a link or typing in their URL bar) they get redirected to your login page or a login window pops up. After sucessful login they get forwarded to the original requested resource.

I hope that helps. I attached the code from the web.xml for the project I am currently working on.

<login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
            <form-error-page>/WEB-INF/pages/login/logonError.jsp</form-error-page>
            <form-login-page>/WEB-INF/pages/login/logon.jsp</form-login-page>
        </form-login-config>
    </login-config>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>pts</web-resource-name>
            <url-pattern>*.do</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
 
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>admin</web-resource-name>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>ALTER_PROGRAMS_AND_SCREEN_APPEARANCE</role-name>
        </auth-constraint>
    </security-constraint>
 
    <security-role>
        <role-name>CREATE_VIEW_MODIFY_INDIVIDUAL_PATIENT_RECORDS</role-name>
        <description>todo</description>
    </security-role>
    <security-role>
        <role-name>ALTER_PROGRAMS_AND_SCREEN_APPEARANCE</role-name>
        <description>todo</description>
    </security-role>
    <security-role>
        <role-name>VIEW_INDIVIDUAL_PATIENT_RECORDS</role-name>
        <description>todo</description>
    </security-role>

I hope that is helpful.

Tom