Direct call to j_security_check when using form based authorization

2002-02-18 Thread Erik Johansson


I am using form based authentication in my application. When trying to 
access a protected resource, the container automatically prompts the login
form to the user, where he can fill in authentication info (username and
password). 

Code from login.jsp:

<form method="POST" action="j_security_check">
<input type="text" name="j_username">
<input type="password" name="j_password">
</form>

Here the Servlet-specification dictates that the action to be called from
the login form must be j_security_check, and that the parameters passed from
the form must have the names j_username and j_password.

This way of logging in works very well. But this requires that the user is
trying to access a restricted area of the application. I would like to add
functionality to my application that allows the user to make a direct login
from a public page, without landing at an intermediate login page. Is there
a way to call the j_security_check directly from another page? I have made
some experiments but I have not succeeded. 

Does anyone have any advice regarding this subject? In such a case I would
be very thankful to hear.

Erik Johansson




RE: Direct call to j_security_check when using form based authorization

2002-02-18 Thread Erik Johansson


Thank you for your answer. I understand what you mean, but I am afraid I did
not specify my problem enough.
I would like to have a login form (fast login) on my public page where a
visitor can directly insert username and password. When the client presses the
login button I would like to send him to the correct page (which is
restricted) without forcing him to visit the login.jsp (the page specified
as form-login-page in the web.xml). This seems natural since he has
already added his login data once. If the client is trying to access a
restricted page without using the fast login, then it is of course desirable
that the container intercepts the call and shows the login form. 

What I have tried to do is to attach the username and the password in the
http-parameter list (with post) when directing the user from the fast login
form to a restricted area, and then to automatically forward the call to the
j_security_check from the login.jsp if a password and a username are attached
to the http-parameter list. The problem is that the Orion web-server does
not accept the direct call to the j_security_check.

Does anyone have any ideas about how to solve this problem? 

Below you'll find my test login.jsp and the error message from the
web-browser.

Best regards,

Erik


login.jsp :

<html>
<head><title>Test System</title></head>
<body bgcolor="white">

<%!
// Note: fields declared in a JSP declaration are shared by all requests to this page.
private String username;
private String password;

public void jspInit() {
//System.out.println("Running init...");
}

public void jspDestroy() {

}
%>

<%
username = request.getParameter("username");
password = request.getParameter("password");
String j_username = username;
String j_password = password;
%>

<jsp:forward page='<%= "j_security_check;j_username=" +
java.net.URLEncoder.encode(j_username) + "j_password=" +
java.net.URLEncoder.encode(j_password) %>'
/>

</body>
</html>
-

Error message from web-browser :
--
java.lang.IllegalArgumentException: Resource
/j_security_check;j_username=pellej_password=pelle123 not found
at com.evermind[Orion/1.5.2 (build
10460)].server.http.EvermindPageContext.forward(Unknown Source)
at /login.jsp._jspService(/login.jsp.java:49)
at com.orionserver[Orion/1.5.2 (build
10460)].http.OrionHttpJspPage.service(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ah._rad(Unknown Source)
at com.evermind[Orion/1.5.2 (build
10460)].server.http.JSPServlet.service(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._cxb._abe(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._cxb._uec(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._cxb.forward(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ctb.reject(Unknown
Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ah._fod(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._ah._cwc(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._io._twc(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._io._gc(Unknown Source)
at com.evermind[Orion/1.5.2 (build 10460)]._if.run(Unknown Source)






-----Original Message-----
From: Douma, Ate [mailto:[EMAIL PROTECTED]] 
Sent: den 18 februari 2002 12:26
To: Orion-Interest
Subject: RE: Direct call to j_security_check when using form based
authorization

Define a secure URL (e.g. /secure/requestedLogin) which forces the user to
log in (just as you described) and request it from a button or link on the
public page you want.
When the user isn't logged in yet the servlet container will intercept the
request and force the user to log in, remembering the requested URL, and
redirect the user to this original URL after login.
From the destination page (your secure URL) you can send a client side
redirect to the original (public) page or somewhere else (secure or
non-secure).

> -----Original Message-----
> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 18, 2002 10:39 AM
> To: Orion-Interest
> Subject: Direct call to j_security_check when using form based
> authorization
>
> I am using form based authentication in my application. When trying to
> access a protected resource, the container automatically prompts the login
> form to the user, where he can fill in authentication info (username and
> password).
>
> Code from login.jsp:
>
> <form method="POST" action="j_security_check">
> <input type="text" name="j_username">
> <input type="password" name="j_password">
> </form>
>
> Here the Servlet-specification dictates that the action to be called from
> the login form must be j_security_check
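
The approach from Ate Douma's quoted reply, written out as an added example (not code from the thread or from Orion): a protected URL that the container guards with form login, and a servlet behind it that sends the browser on after authentication. The role name "users", the "target" request parameter, the default page /index.jsp and the class name are assumptions made for this example; /secure/requestedLogin and login.jsp come from the messages above.

```java
/*
 * web.xml fragment (constructed for this example; the <servlet> and
 * <servlet-mapping> entries for /secure/requestedLogin are omitted):
 *
 *   <security-constraint>
 *     <web-resource-collection>
 *       <web-resource-name>secure</web-resource-name>
 *       <url-pattern>/secure/*</url-pattern>
 *     </web-resource-collection>
 *     <auth-constraint><role-name>users</role-name></auth-constraint>
 *   </security-constraint>
 *   <login-config>
 *     <auth-method>FORM</auth-method>
 *     <form-login-config>
 *       <form-login-page>/login.jsp</form-login-page>
 *       <form-error-page>/login.jsp</form-error-page>
 *     </form-login-config>
 *   </login-config>
 */
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Mapped to /secure/requestedLogin. The container only lets a request reach
// doGet() after the user has passed the j_security_check login.
public class RequestedLoginServlet extends HttpServlet {

    // Accept only a path inside this application, so the post-login redirect
    // cannot be pointed at another site or carry injected header lines.
    static String safeTarget(String target) {
        if (target == null || !target.startsWith("/") || target.startsWith("//")
                || target.indexOf('\\') >= 0 || target.indexOf("://") >= 0
                || target.indexOf('\r') >= 0 || target.indexOf('\n') >= 0) {
            return "/index.jsp"; // hypothetical default public page
        }
        return target;
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // "target" is a hypothetical parameter set by the link on the public page,
        // e.g. <a href="secure/requestedLogin?target=/index.jsp">Log in</a>
        String target = safeTarget(req.getParameter("target"));
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + target));
    }
}
```

With this layout the username and password are only ever sent in the POST body of the container's own login form, not in a URL or path parameter where they would show up in error pages such as the one quoted above.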