using j_security_check

 
Greenhorn
Posts: 20
Hi,

Is there a way to use j_security_check before the user requests a constrained resource?

I want the login text fields and submit button to be in my main page, so the user can log in whenever he wants. And if the login is successful, I want the private information to appear on the page.

Sorry, but I only know the basic security mechanism: when the user requests a constrained resource, he is prompted for a username and password, then gets the resource he asked for in the first place.

I've tried to simply put this form in the main page:



but I guess it's not that simple, because I got an error.
 
Rancher
Posts: 13459
Depending on the container, you can use an internal call to log in the user, but the mechanism is different on each server. E.g. on WebSphere it is (or was) via the SSOAuthenticator; I have never found out how to do it in Tomcat.

The other way would be to find out how the container retains the destination location, intercept the security check and set the destination for afterwards. I think.
 
Felipe Reis
Greenhorn
Posts: 20
Thanks David,

but that didn't help me at all. What do you mean by retain the destination location?
And is j_security_check the only way to implement login and security?
 
David O'Meara
Rancher
Posts: 13459
With form based security:

1 - The unauthenticated user requests a secured resource (I called it the destination location)
2 - The container redirects them to the login screen, which posts to j_security_check
3 - If this passes, the container sends them to the destination.

In my first example, you can plug step 2 directly into the front page, but once they log in the container doesn't know where to redirect.

For your second question about other ways, yes, there are other security mechanisms besides form based. In my second example, you can still use form based authentication and a login on the front page, but you post to your own form rather than the j_security_check. Now you have the user's name and password in your servlet but you need to authenticate them with the container. Some containers provide a way to pass the username and password directly, but it is different in each container. After this, you can redirect them anywhere you want.
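
An added example, not part of the original posts: on containers that implement Servlet 3.0 or later, `HttpServletRequest.login(username, password)` is a container-neutral way to hand the credentials to the container from your own servlet, as the second approach above describes. The servlet name, the `/login` mapping, the `username`, `password` and `target` parameter names and the `/index.jsp` default are assumptions made for this sketch; `changeSessionId()` requires Servlet 3.1.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: the front-page form posts here instead of to j_security_check.
@WebServlet("/login")
public class FrontPageLoginServlet extends HttpServlet {

    private static final String DEFAULT_TARGET = "/index.jsp"; // assumed front page

    // Accept only paths inside this application, so the post-login redirect
    // cannot be pointed at another site or used to inject response headers.
    static String safeTarget(String requested) {
        if (requested == null || !requested.startsWith("/") || requested.startsWith("//")
                || requested.contains("\\") || requested.contains("://")
                || requested.contains("\r") || requested.contains("\n")) {
            return DEFAULT_TARGET;
        }
        return requested;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String target = safeTarget(req.getParameter("target"));
        if (req.getUserPrincipal() == null) { // login() throws if a user is already authenticated
            String user = req.getParameter("username");
            String pass = req.getParameter("password");
            try {
                if (user == null || pass == null) {
                    throw new ServletException("missing credentials");
                }
                req.login(user, pass); // checked against the realm configured in the container
            } catch (ServletException e) {
                // Same response for every failure, so the page does not reveal which field was wrong.
                resp.sendRedirect(req.getContextPath() + DEFAULT_TARGET + "?loginError=1");
                return;
            }
            if (req.getSession(false) != null) {
                req.changeSessionId(); // new session id after login, against session fixation
            }
        }
        resp.sendRedirect(req.getContextPath() + target);
    }
}
```

After a successful `login()`, `getUserPrincipal()` and `isUserInRole()` work for the rest of the session, so the front page can decide whether to render the private information.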
 
Ranch Hand
Posts: 187
You can use a filter or an interceptor. You can build one or use an off-the-shelf one like Acegi.
 
Felipe Reis
Greenhorn
Posts: 20
Thanks for the tips guys, I'll do some tests here
 