[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
Hi cmiles123, I have been trying to implment option (using Ajax) without success. Do you have some reference code I could look into. Thank you View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905997#3905997 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905997 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
Just to wrap this topic up for the benefit of other people that may need to know this sort of thing. Here's how I solved my issues: 1) For authenticating via a Java client using commons httpclient you attempt to access a secured resource first and then post to the j_security_check servlet. You then follow the redirect that is returned at this point. 2) For authenticating via Javascript or in my case some JSP page you follow the same path as #1, whereby you attempt to access a secured resource before posting to j_security_check. bstansberry's comment about the AJAX stuff got me past the point that to complete the process you have to make sure the JSESSIONID cookie is retrieved and added to your current session (thank you for that) Now works like a charm, thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3905128#3905128 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3905128 --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
Yes, this can be done in Javascript; we did it at my former employer. I can't remember the exact details (I'm not an AJAX developer), but I believe our login page had the javascript to get the XMLHttpRequest and post back to security check. If we got a 200 from the server we then did a javascript redirect to the original target page. The key point was the session cookie that the browser already had was automatically presented back to the server along with any call we made using XMLHttpRequest -- we didn't have to do anything. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3904220#3904220 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3904220 --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
Form auth cannot be triggered by an arbitrary post. It has to be done in response to the container challenging a request to a secured resource in the context of a newly created session. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3904157#3904157 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3904157 --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
Hello, Thanks for your response. You either get a 400 or 404 HTTP error code and as I understand from reading other posts this is because you aren't allowed to access the login page or j_security_check directly. You must access a secured resource and let the normal j2ee mechanics redirect you to the login page. So knowing this, I have managed to get automatic login to work using the commons httpclient API. In fact, there are some JBoss testcases that do this already. What I'm still struggling with is whether this can be done via JavaScript. We have a java client that launches the browser and accesses secured resources. With other app servers (WebLogic and WebSphere) we just POST directly to j_security_check, passing in the credentials via j_username/j_password via some HTML and JavaScript. This doesn't appear to work under JBoss so I was wanting anyone that has achieved this to outline their methods. Thanks View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3904106#3904106 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3904106 --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] [Security & JAAS/JBoss] - Re: Automatic Login to web app
what is the error you are getting and please post the stack trace View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3904102#3904102 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3904102 --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user