This week's book giveaway is in the HTML Pages with CSS and JavaScript forum.
We're giving away four copies of Testing JavaScript Applications and have Lucas da Costa on-line!
See this thread for details.
Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

jsp login

 
Ranch Hand
Posts: 386
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have taken following example from http://publib.boulder.ibm.com

How does the request understand, which server to go to , when we have provided ACTION="j_security_check" ? Dont we need server name to send a rewuest to ? If username and password are stored in database, connection to database is taken care of by j_security_check ? If not, the how is security check performed in that case ?

How does redirection to another webpage take place , when we are using j_security_check ?

 
Marshal
Posts: 67425
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As container-based security is part of the Servlet Specification, not JSP, this has been moved to the Servlets forum.
 
Bear Bibeault
Marshal
Posts: 67425
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you checked to see what the Servlet Specification has to say on the matter?
 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This login page is meant to work for JAAS.
Once you configure your server for JAAS authentication you should have the following values and you cannot change them:

if the authentication method is form then the action of the form shoud be j_security_check
the username field name should be:j_username
the password field name should be: j_password

changing anything in the above values the authentication will not work.

As for the redirection it is configured in the web.xml in the following tag:

<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.do</form-login-page>
<form-error-page>/loginRetry.do</form-error-page>
</form-login-config>
</login-config>

anyway for more details about JAAS go to this link:
http://java.sun.com/j2se/1.4.2/docs/guide/security/jaas/tutorials/GeneralAcnOnly.html
 
Ranch Hand
Posts: 1512
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is what I know - j_security_check is a kind of target built into a web application container. So, how it's actually implemented is container specific. However, the URL that causes the login page to be invoked is probably stored somewhere, and then the login is successful, the user is redirected to the stored URL.
 
Charbel Keyrouz
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes exactly, once you configure your jaas authentication this url will be active.
 
Power corrupts. Absolute power xxxxxxxxxxxxxxxx is kinda neat.
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic