aspose file tools*
The moose likes Servlets and the fly likes Auto Login Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Auto Login" Watch "Auto Login" New topic
Author

Auto Login

Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
In some sites like javaranch.com itself, you dont have to login everytime. After the user logon for the first time, a cookie will be created in the client storing the login information so that the user is automatically login we he returns. Let not focus on how secure this kind of cookie initiated login is (well, afterall who would hack your password in order to post a message in bulletin board). I would like to know how we could do this if the appli is using form-based authentication.

Recall that when we do form-based authentication, these steps are involved normally:

1. User requests a constrained resource.

2. Container sees the constrained resource and returns the login form and somehow enter a mode expecting the 'j_security_check' URL.

3. User submits the login form which looks like <form action=j_security_check> with 'j_username' and 'j_password' parameters.

The important point is in step 2, the container AUTOMATICALLY enters a mode accepting the j_security_check URL as special request for login - rather than normal URL. This step is important because if we directly submit a form with 'j_security_check' while the container is not expecting it, it is treated as a normal URL.

This comes to a problem, if I want my cookie (perhaps storing username & password) to trigger auto login, how can I cause the container to accept j_security_check to mean login attempt.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Why are you starting a new thread? For those coming in late, the original is here. If this creates duplicate conversations I will probably have to close one
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I don't norrmally use that much JavaScript, but you may be able to store the username/password in the cookie a, then when the user visits again, add more JS to detect the cookie, extract the values, insert into the fields and autosubmit the form. It won't happen automatically, but it should be fast enough.
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
I didn't explain clearly what I was trying to do in my previous thread. Just want to add more explanation here.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Auto Login
 
Similar Threads
Tracking Authentication
form action default request type
Webapp-Security chapter revision notes from HFSJ , may be useful
using j_security_check
Auto Login By Username in Cookie