What is not working for me: I want to be able to have an external page outside of my applications context where I can take the login info (username and password) and using that login to tomcat. Can anyone please tell me if this is possible?
You cannot invoke j_security check directly, only provide it on a page designated on a page defined in web.xml as the login or loginfail page. There are reasons for this.
You cannot pass in a userId and password from an external URL request except in response to the login/loginfail pages. There are reasons for that at well.
You CAN, however, setup a Single Signon security Realm whereby logging into any app that participates in that realm logs you in to all applications in that realm so that you only have to login once instead of logging into each application separately.
An IDE is no substitute for an Intelligent Developer.
harmeet singh bawa
Joined: Dec 16, 2010
Thanks guys. I was able to take it a step further. this is where I stand now. I have tomcat 4.1 running on a windows machine with my app using forms based authentication in tomcat. I created an html page that I placed on my drive outside of the context of my app in tomcat.
With the use of an iframe I was able to accomplish what I wanted initially, but only partially. This is redirecting to my PreLogin.jsp page that I posed before and it all works good. Next step, I tried placing this html page on another machine in the network and in that case tomcat exhibits a strange behavior where it fails to login on the first attempt. Instead it redirects back to the PreLogin.jsp page asking for the login again. It almost behaves like tomcat is not able to authenticate the user this way. But when I dont do anything and just click on to login with the sme credentials I proveded before, it logs in successfully.
One change I made to the PreLogin.jsp page:
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' target='_new'>
Tried to open the app in a new window apart from the html page.