This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Security and the fly likes authentication with out using j_security_check Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Engineering » Security
Bookmark "authentication with out using j_security_check" Watch "authentication with out using j_security_check" New topic

authentication with out using j_security_check

Jeremy Wilkinson

Joined: Mar 31, 2010
Posts: 13
I want to authenticate a user after they register on my site with out having to send them to a login page. Is there a way to take the user id and password from my registration form and use that to authenticate the user instead of using the j_security_check action.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42958
Yes, that's possible - nothing forces you to use the built-in stuff. But then you have to code up the username/password comparison with your user data yourself, and react appropriately to success/failure. And you're not going to be able to use the getRemoteUser and isUserInRole methods - you'll need to store the user information in a session after a successful login.
Jeremy Wilkinson

Joined: Mar 31, 2010
Posts: 13
I see... But my goal is to continue using the container based approach, hence I want to emulate a j_security_check with out really doing it. I may have asked the question wrong. I don't want to manage access in the application, but will if it is the only way.
I agree. Here's the link:
subject: authentication with out using j_security_check
It's not a secret anymore!