• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

jsp login

 
nirjari patel
Ranch Hand
Posts: 386
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have taken following example from http://publib.boulder.ibm.com

How does the request understand, which server to go to , when we have provided ACTION="j_security_check" ? Dont we need server name to send a rewuest to ? If username and password are stored in database, connection to database is taken care of by j_security_check ? If not, the how is security check performed in that case ?

How does redirection to another webpage take place , when we are using j_security_check ?

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64615
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As container-based security is part of the Servlet Specification, not JSP, this has been moved to the Servlets forum.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64615
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you checked to see what the Servlet Specification has to say on the matter?
 
Charbel Keyrouz
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This login page is meant to work for JAAS.
Once you configure your server for JAAS authentication you should have the following values and you cannot change them:

if the authentication method is form then the action of the form shoud be j_security_check
the username field name should be:j_username
the password field name should be: j_password

changing anything in the above values the authentication will not work.

As for the redirection it is configured in the web.xml in the following tag:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.do</form-login-page>
<form-error-page>/loginRetry.do</form-error-page>
</form-login-config>
</login-config>

anyway for more details about JAAS go to this link:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
 
Bosun Bello
Ranch Hand
Posts: 1510
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is what I know - j_security_check is a kind of target built into a web application container. So, how it's actually implemented is container specific. However, the URL that causes the login page to be invoked is probably stored somewhere, and then the login is successful, the user is redirected to the stored URL.
 
Charbel Keyrouz
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes exactly, once you configure your jaas authentication this url will be active.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic