Isn't RoleManager specific to Orion Server, only? Is there a way to accomodate this without using Orion specific extensions?
-AP_ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Erik Johansson Sent: Tuesday, February 19, 2002 7:38 AM To: Orion-Interest Subject: RE: Re[2]: Direct call to j_security_check when using form based authori zati on Thank you Jan and Sergey for your advices. With help from you I have managed to solve my problem. Best regards, Erik -----Original Message----- From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]] Sent: den 19 februari 2002 09:00 To: Orion-Interest Subject: Re[2]: Direct call to j_security_check when using form based authori zati on Hi, Erik You can login your user in program way by using RoleManager. In your main page make form: <form action="login.jsp"> <input type="text" name="login"/> <input type="password" name="password"/> </form> Your login.jsp is something like that: RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager"); try { roleManager.login(request.getParameter("username"), request.getParameter("password")); } catch (SecurityException ex) { response.sendRedirect("main.jsp"); } response.sendRedirect("your_protected_page.jsp"); // your protected page have to be protected in web.xml I didn't ever try to do it for myself, but I think it will help you. Monday, February 18, 2002, 10:29:42 PM, you wrote: EJ> Thank you for your answer. I understand what you mean, but I am afraid I did EJ> not specify my problem enough. EJ> I would like to have a login form (fast login) on my public page where a EJ> visitor can directly insert username and password. When the client press the EJ> login button I would like to send him to the correct page (which is EJ> restricted) without forcing him to visit the login.jsp (the page specified EJ> as <form-login-page> in the web.xml). This seems natural since he has EJ> already added his login data once. If the client is trying to access a EJ> restricted page without using the fast login, then it is of course desirable EJ> that the container intercepts the call and shows the login form. EJ> What I have tried to do is to attache the username and the password in the EJ> http-parameter list (with post) when directing the user from the fast login EJ> form to a restricted area, and then to automatically forward the call to the EJ> j_security_check from the login.jsp if a password and a username is attached EJ> to the http-parameter list. The problem is that the Orion web-server does EJ> not accept the direct call to the j_security_check. EJ> Does anyone have any ideas about how to solve this problem? EJ> Below youŽll find my test login.jsp and the error message from the EJ> web-browser. EJ> Best regards, EJ> Erik EJ> login.jsp : EJ> ---------------------------------------------------------------- EJ> <html> EJ> <head><title>Test System</title></head> EJ> <body bgcolor="white"> EJ> <%! EJ> private String username; EJ> private String password; EJ> public void jspInit() { EJ> //System.out.println("Running init..."); EJ> } EJ> public void jspDestroy() { EJ> } %>> EJ> <% EJ> username = request.getParameter("username"); EJ> password = request.getParameter("password"); EJ> String j_username = username; EJ> String j_password = password; %>> EJ> <jsp:forward page=<%= "j_security_check;j_username=" + EJ> java.net.URLEncoder.encode(j_username) + "&j_password=" + EJ> java.net.URLEncoder.encode(j_password) %> />> EJ> </body> EJ> </html> EJ> --------------------------------------------------------------------- EJ> Error message from web-browser : EJ> -------------------------------------------------------------------------- EJ> java.lang.IllegalArgumentException: Resource EJ> /j_security_check;j_username=pelle&j_password=pelle123 not found EJ> at com.evermind[Orion/1.5.2 (build EJ> 10460)].server.http.EvermindPageContext.forward(Unknown Source) EJ> at /login.jsp._jspService(/login.jsp.java:49) EJ> at com.orionserver[Orion/1.5.2 (build EJ> 10460)].http.OrionHttpJspPage.service(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._rad(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build EJ> 10460)].server.http.JSPServlet.service(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb._abe(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb._uec(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb.forward(Unknown EJ> Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ctb.reject(Unknown EJ> Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._fod(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._cwc(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._io._twc(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._io._gc(Unknown Source) EJ> at com.evermind[Orion/1.5.2 (build 10460)]._if.run(Unknown Source) EJ> ---------------------------------------------------------------------------- EJ> -----Original Message----- EJ> From: Douma, Ate [mailto:[EMAIL PROTECTED]] EJ> Sent: den 18 februari 2002 12:26 EJ> To: Orion-Interest EJ> Subject: RE: Direct call to j_security_check when using form based authori EJ> zati on EJ> Define an secure url (e.g. /secure/requestedLogin) which forces the user to EJ> login (just as you described) and request it from a button or link on the EJ> public page you want. EJ> When the user isn't logged in yet the servlet container will intercept the EJ> request and force the user to login remembering the requested url and EJ> redirects the user to this original url after login. EJ> From the destination page (your secure url) you can send a client side EJ> redirect to the original (public) page or somewhere else (secure or EJ> non-secure). >> -----Original Message----- >> From: Erik Johansson [mailto:[EMAIL PROTECTED]] >> Sent: Monday, February 18, 2002 10:39 AM >> To: Orion-Interest >> Subject: Direct call to j_security_check when using form based >> authorizati on >> >> >> >> I am using form based authentication in my application. When >> trying to >> access a protected resource, the container automatically >> prompts the login >> form to the user, where he can fill in authentication info >> (username and >> password). >> >> Code from login.jsp: >> >> <form method="POST" action="j_security_check"> >> <input type="text" name="j_username"> >> <input type="password" name="j_password"> >> </form> >> >> Here the Servlet-specification dictates that the action to be >> called from >> the login form must be j_security_check, and that the >> parameters passed from >> the form must have the names j_username and j_password. >> >> This way of logging in works very well. But this requires >> that the user is >> trying to access a restricted area of the application. I >> would like to add >> functionality to my application that allows the user to make >> a direct login >> from a public page, without landing at an intermediate login >> page. Is there >> a way to call the j_security_check directly from another >> page? I have made >> some experiments but I have not succeeded. >> >> Does anyone have any advices regarding this subject. I such a >> case I would >> be very thankful to hear. >> >> Erik Johansson >> -- Sergey G. Aslanov, CBOSS Group, Web-technologies department mailto:[EMAIL PROTECTED] tel: +7 095 7555655
