Hi, it's me again

I've found a way (call it a dirty hack) to post a form to 
j_security_check and get redirected to some kind of default page. Perhaps 
this only works in JBoss; I have not tested this on any other container!

1. I wrote a simple HTML page that contains an image tag whose src attribute 
points to the page where I'd like to be redirected after login. Of course 
this produces a broken link, but that's invisible if the width and height are 
zero.

2. This page also contains a link that points directly at j_security_check and 
has the j_username and j_password values (clear text) as request parameters. 
This is totally insecure, but I think (not tested yet) the link can also submit 
a hidden form over an HTTPS connection.

3. I store this page in the other system's webroot.

What happens when the link is clicked:
If the (hidden) login is successful, the user will be redirected directly to 
the URL that was referenced by the src attribute of the img tag. The container 
seems to remember the user's last URL that points into a secured part of the 
website, even if the user doesn't know about it :-)

Of course the content of the simple HTML page can be placed wherever it's 
needed (in every other webapp at every position). But the submission to 
j_security_check should absolutely be HTTPS and POST because the credentials 
must be clear text.

Risks:
- No idea if every browser really "loads" an image of width and height zero. 
If not, the redirect will not work.
- No idea if other containers allow this hack with the redirect.

Cheers
Stefan

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3902307#3902307

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3902307
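As an added illustration (not Stefan's page, and not JBoss project code) of the two-step trick described in the post, here is a minimal HTML page that first primes the container's saved request with a zero-size image and then sends the credentials to j_security_check as a POST over HTTPS, which is the variant the post suggests instead of the clear-text link. The hostname and the protected path are placeholders; the j_username / j_password fields are left for the user to fill in rather than hard-coded into a page served from another system.

```html
<!DOCTYPE html>
<!-- Added example, not from the original post. app.example.com and
     /secure/home.jsp are placeholders for the protected application. -->
<html>
<head>
  <meta charset="utf-8">
  <title>Login (example)</title>
</head>
<body>
  <!-- Step 1: request a protected URL before logging in. The container sees an
       unauthenticated request, stores it in the session as the "saved request"
       and answers with the login page instead of image data, so the image is
       broken; width/height 0 hide that. The session cookie set by this response
       is what ties the saved request to the POST below. -->
  <img src="https://app.example.com/secure/home.jsp" width="0" height="0" alt="">

  <!-- Step 2: send j_username / j_password by POST over HTTPS instead of as
       query parameters of a link, so the credentials do not end up in the URL,
       the browser history, the Referer header or the server's access log.
       The action is absolute so the form cannot be submitted over plain HTTP. -->
  <form method="post" action="https://app.example.com/j_security_check" autocomplete="off">
    <label>User <input type="text" name="j_username"></label>
    <label>Password <input type="password" name="j_password"></label>
    <input type="submit" value="Login">
  </form>
</body>
</html>
```

On a successful POST the container redirects to the saved request, here /secure/home.jsp; this "restore the original request after login" behaviour is part of the Servlet specification's form-based login, which Tomcat (the servlet container embedded in JBoss) implements, so the image request must have completed, in the same session, before the form is submitted, otherwise there is no saved request to return to and the login lands wherever the container falls back to.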


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to