posted 19 years ago
Thanks for the reply. But I still have questions. When we do form-based authentication, these steps are involved normally:
1. user requests constrained resource.
2. container sees the constrained resource and returns the login form and
somehow enter a mode expecting the 'j_security_check' URL.
3. user submits the login form which looks like <form action=j_security_check> with 'j_username' and 'j_password' parameters.
The important point is in step 2, the container AUTOMATICALLY enters a mode accepting the j_security_check URL as special request for login - rather than normal URL. This step is important because if we directly submit a form with 'j_security_check' while the container is not expecting it, it is treated as a normal URL.
This comes to my problem, if I want my cookie (perhaps storing username & password) to trigger auto login, how can I cause the container to accept j_security_check to mean login attempt.