wood burning stoves 2.0*
The moose likes Tomcat and the fly likes Access protected resource (j_security_check) Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Access protected resource (j_security_check)" Watch "Access protected resource (j_security_check)" New topic
Author

Access protected resource (j_security_check)

Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
Hi,
We have two web applications A and B. From application A I need to access some protected specific pages/actions of B automatically without asking for login credentials from user(like SSO). Here point to be noted is that application A will have username and password of B. Authentication is going fine when I submitt stored j_username and j_password from A to j_security_check of B.
Problem I am facing is when I try to access pages/actions other than j_security_check by submitting j_username and j_password I get login page back which is not expected result. Can someone please suggest me how to solve this problem ?

I think I am looking something similar to j_uri in resin.

Thanks in advance,
[ September 02, 2007: Message edited by: Prasanna Kumar BP ]

~Prasanna (SCJP5.0, SCWCD5)
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12682
    
    5
From application A I need to access some protected specific pages/actions of B


If by that you mean that application A has to act like a client browser, you can use the open source HttpClient toolkit to establish a session with application B. Here is the HttpClient homepage.

Bill


Java Resources at www.wbrogden.com
Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
William, thanks for your response. I think I was not clear in my previous post. Application A will have a link to some protected pages of B. On click of the link page will be displayed in the new browser window without asking for username and password.
Btw, is there any work around or feature in Tomcat similar to J_URI ? After going through J_URI feature I think I am looking for this kind of feature in Tomcat.

Thanks,
Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
can someone please suggest a solution to my problem. Thanks in advance.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Prasanna Kumar BP:
... I am looking for this kind of feature in Tomcat.


Moving to our Apache / Tomcat forum.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If both of the applications are running under the same instance of Tocmat, you can use Tomcat's single sign on feature.

http://tomcat.apache.org/tomcat-5.5-doc/config/host.html#Single%20Sign%20On
[ September 03, 2007: Message edited by: Ben Souther ]
Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
No they are running on separate servers
Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
I got the solution to my problem !!!

Hi William,
Thanks for suggesting me to use HttpClient :thumb: . While exploring HttpClient for my problem I got solution @
http://forum.java.sun.com/thread.jspa?threadID=546542&messageID=3856454


cheers,


[ September 05, 2007: Message edited by: Prasanna Kumar BP ]
[ September 05, 2007: Message edited by: Prasanna Kumar BP ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
Originally posted by Prasanna Kumar BP:
I got the solution to my problem !!!

I don't understand how that helps with logging into one server, and then not having to provide the credentials to the second server, though. The code logs into one server and retrieves a web page. Where does the second server come into play?
[ September 05, 2007: Message edited by: Ulf Dittmer ]

Ping & DNS - updated with new look and Ping home screen widget
Prasanna Puttappa
Ranch Hand

Joined: Jul 21, 2003
Posts: 54
From my problem context as I mentioned before application A will have credentials of B. My approach is writting a landing servlet in A which does all the things required to retrieve content of application B's web page and write it back to browser using PrintWriter.

Hope I am clean now.
Thanks,
~Prasanna
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39549
    
  27
Ah, I see. It's not really single sign-on; you're simply using the username/password from the first application to log into the second one.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Access protected resource (j_security_check)
 
Similar Threads
j_security_check - How to pass parameters in the URL
2 questions/problems about Form-based login
JBoss DatabaseServerLoginModule question...
login authentication
j_security_check - How to pass parameters in the URL