Thank you, Wonsan, for your reply. But even if I implement a servlet like o.a.j.login.LoginProxyServlet, I always need to authenticate the user to the Tomcat realm by passing the j_username and j_password variables, don't I? I studied the login portlet, and in one of the login steps there is a submit (in the onLoad JavaScript event of the page) that POSTs these two variables to the action <jetspeed>/login/j_security_check.
At the moment I used an AJAX, all client side, approach.
After successful user registration (this step is also done in AJAX style) I
created a chain of POSTs/GETs to simulate the user interaction for all
login steps.
For those who know the jQuery ajax() function, this is the chain (in
Velocity/JavaScript code):
## AJAX - POST to /.../login/proxy, parameters:
## org.apache.jetspeed.login.username=<username>&org.apache.jetspeed.login.password=<password>
$.ajax({
    url: '/<jetspeed_dir>/login/proxy',
    type: 'POST',
    data: {"org.apache.jetspeed.login.username": username,
           "org.apache.jetspeed.login.password": password},
    error: function() {},
    success: function(data) {
        ## AJAX - GET to /ys/login/redirector
        $.ajax({
            url: '/<jetspeed_dir>/login/redirector',
            type: 'GET',
            data: {},
            error: function() {},
            success: function(data) {
                ## AJAX - POST to /.../login/j_security_check, parameters:
                ## j_username=<username>&j_password=<password>
                $.ajax({
                    url: '/<jetspeed_dir>/login/j_security_check',
                    type: 'POST',
                    data: {"j_username": username, "j_password": password},
                    error: function() {},
                    success: function(data) {
                        ## AJAX - GET to /.../login/redirector
                        $.ajax({
                            url: '/<jetspeed_dir>/login/redirector',
                            type: 'GET',
                            data: {},
                            error: function() {},
                            success: function(data) {
                                /* last redirect */
                                document.location.href = '<go where you want!>';
                            }
                        });
                    }
                });
            }
        });
    }
});
The code is a bit confusing but the story is this:
After user registration we POST to <jetspeed_dir>/login/proxy with the
user credentials in the form org.apache.jetspeed.login.username=username
and org.apache.jetspeed.login.password=password ,
If the POST response is ok, then we GET to
<jetspeed_dir>/login/redirector with no data,
After this, we POST again to <jetspeed_dir>/login/j_security_check with
j_username and j_password variables (this step is the same as the
standard form auto submission made by LoginPortlet)
and as a last step we GET again to <jetspeed_dir>/login/redirector with
no data.
This long request chain lets me log in the user, with all cookies and
session variables correctly set, and I can redirect him anywhere in my
portal.
Obviously all the credentials are sent in plain text.
Hope this can help someone.
ROb
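
Added example, not part of the original message: the same four-request chain written as a sequential loop that refuses to send the credentials unless the page was loaded over HTTPS and that stops at the first failed step. The endpoint paths and field names are the ones in the message; the function names, the injectable `send` transport and the use of `fetch` with `response.ok` as the success test are assumptions made for the example.

```javascript
// Added example (not from the original post). Endpoint paths and field names
// come from the post; function names and the `send` hook are assumptions.

// Refuse to transmit credentials unless the page was loaded over TLS.
function requireHttps(protocol) {
  if (protocol !== 'https:') {
    throw new Error('refusing to send credentials over ' + protocol);
  }
}

// The four requests from the post, in order, as plain data.
function buildLoginSteps(base, username, password) {
  return [
    { method: 'POST', url: base + '/login/proxy',
      data: { 'org.apache.jetspeed.login.username': username,
              'org.apache.jetspeed.login.password': password } },
    { method: 'GET', url: base + '/login/redirector', data: {} },
    { method: 'POST', url: base + '/login/j_security_check',
      data: { j_username: username, j_password: password } },
    { method: 'GET', url: base + '/login/redirector', data: {} },
  ];
}

// Default transport: same-origin fetch, form-encoded body, session cookies kept.
async function fetchSend(step) {
  const init = { method: step.method, credentials: 'same-origin' };
  if (step.method === 'POST') init.body = new URLSearchParams(step.data);
  const res = await fetch(step.url, init);
  return res.ok;
}

// Run the steps strictly in sequence; stop at the first failure instead of
// silently continuing (the chain in the post uses empty error handlers).
async function runLoginChain(protocol, base, username, password, send = fetchSend) {
  requireHttps(protocol);
  const steps = buildLoginSteps(base, username, password);
  for (let i = 0; i < steps.length; i++) {
    if (!(await send(steps[i]))) {
      throw new Error('login step ' + (i + 1) + ' failed: ' + steps[i].url);
    }
  }
  return steps.length;
}
```

In the page this would be called as runLoginChain(location.protocol, '/<jetspeed_dir>', username, password), with the final redirect done once the returned promise resolves.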
