wood burning stoves*
The moose likes Tomcat and the fly likes redirect from external page to tomcat 4 with forms based authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "redirect from external page to tomcat 4 with forms based authentication" Watch "redirect from external page to tomcat 4 with forms based authentication" New topic
Author

redirect from external page to tomcat 4 with forms based authentication

harmeet singh bawa
Greenhorn

Joined: Dec 16, 2010
Posts: 2
I am following the Tomcat forms based authentication and I it is working for me through an external PreLogin.jsp page I have.

PreLogin.jsp:
<html>
<head><title>Please Log In</title>
<body>
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username"></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password"></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In"></td>
<td align="left"><input type="reset"></td>
</tr>
</table>
</form>
</body>
</html>


changes to web.xml:
...
...
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Worldwide Express</realm-name>
<form-login-config>
<form-login-page>/PreLogin.jsp</form-login-page>
<form-error-page>/LoginErr.jsp</form-error-page>
</form-login-config>
</login-config>
...
...

What is not working for me: I want to be able to have an external page outside of my applications context where I can take the login info (username and password) and using that login to tomcat. Can anyone please tell me if this is possible?

Thanks in advance.
Joachim Rohde
Ranch Hand

Joined: Nov 27, 2006
Posts: 423

Do you mean something like this?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15957
    
  19

You cannot invoke j_security check directly, only provide it on a page designated on a page defined in web.xml as the login or loginfail page. There are reasons for this.

You cannot pass in a userId and password from an external URL request except in response to the login/loginfail pages. There are reasons for that at well.

You CAN, however, setup a Single Signon security Realm whereby logging into any app that participates in that realm logs you in to all applications in that realm so that you only have to login once instead of logging into each application separately.


Customer surveys are for companies who didn't pay proper attention to begin with.
harmeet singh bawa
Greenhorn

Joined: Dec 16, 2010
Posts: 2
Thanks guys. I was able to take it a step further. this is where I stand now. I have tomcat 4.1 running on a windows machine with my app using forms based authentication in tomcat. I created an html page that I placed on my drive outside of the context of my app in tomcat.

<html>
<head>
<title>Please Log In</title>
</head>
<body>
<iframe src="http://localhost:8090/wwxchange" width="300" height="150">
</iframe>
</body>
</html>

With the use of an iframe I was able to accomplish what I wanted initially, but only partially. This is redirecting to my PreLogin.jsp page that I posed before and it all works good. Next step, I tried placing this html page on another machine in the network and in that case tomcat exhibits a strange behavior where it fails to login on the first attempt. Instead it redirects back to the PreLogin.jsp page asking for the login again. It almost behaves like tomcat is not able to authenticate the user this way. But when I dont do anything and just click on to login with the sme credentials I proveded before, it logs in successfully.

One change I made to the PreLogin.jsp page:
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' target='_new'>

Tried to open the app in a new window apart from the html page.

Is there something I am missing out here?

Thanks again.
 
jQuery in Action, 2nd edition
 
subject: redirect from external page to tomcat 4 with forms based authentication
 
Similar Threads
URLConnection and form based authentication
how to redirect to success page in tomcat using its lapd configuration
Problems with FORM Authentication
how to control redirect of j_servlet_check
Cannot Connect to database using datasource realm