Alex, Purely by coincidence this capability has just been added to OSUser (http://www.opensymphony.com/osuser) today.
Besides all it's other features, you can now perform server agnostic login (at the moment only JBoss and Orion are supported - but other servers should be fairly trivial to write). A code snippet like: Usermanager um = UserManager.getInstance(); Authenticator authenticator = um.getAuthenticator(); boolean loginSuccessful = authenicator.login(username, password); I've just updated the JavaDocs on the site - see http://www.opensymphony.com/osuser Hope this helps! Cheers, Mike PS We're looking for lots of people to test OSUser on a variety of application servers - at the moment JBoss, Orion, Resin and partial-Weblogic support is there but we need other users. Please feel free to email me directly if you're keen to help out/test/advise etc. Mike Cannon-Brookes [EMAIL PROTECTED] ATLASSIAN - Your J2EE Expert Partner -------------------------------------------------------- > Brilliant Software - http://www.atlassian.com/software > Legendary Services - http://www.atlassian.com/support On 20/2/02 7:28 AM, "Alex Paransky" ([EMAIL PROTECTED]) penned the words: > Isn't RoleManager specific to Orion Server, only? Is there a way to > accomodate this without using Orion specific extensions? > > -AP_ > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Erik Johansson > Sent: Tuesday, February 19, 2002 7:38 AM > To: Orion-Interest > Subject: RE: Re[2]: Direct call to j_security_check when using form > based authori zati on > > > > Thank you Jan and Sergey for your advices. With help from you I have managed > to solve my problem. > > Best regards, > > Erik > > > -----Original Message----- > From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]] > Sent: den 19 februari 2002 09:00 > To: Orion-Interest > Subject: Re[2]: Direct call to j_security_check when using form based > authori zati on > > Hi, Erik > > You can login your user in program way by using RoleManager. > > In your main page make form: > <form action="login.jsp"> > <input type="text" name="login"/> > <input type="password" name="password"/> > </form> > > Your login.jsp is something like that: > > RoleManager roleManager = (RoleManager) new > InitialContext().lookup("java:comp/RoleManager"); > try { > roleManager.login(request.getParameter("username"), > request.getParameter("password")); > } catch (SecurityException ex) { > response.sendRedirect("main.jsp"); > } > response.sendRedirect("your_protected_page.jsp"); > // your protected page have to be protected in web.xml > > > I didn't ever try to do it for myself, but I think it will help you. > > Monday, February 18, 2002, 10:29:42 PM, you wrote: > > > EJ> Thank you for your answer. I understand what you mean, but I am afraid I > did > EJ> not specify my problem enough. > EJ> I would like to have a login form (fast login) on my public page where a > EJ> visitor can directly insert username and password. When the client press > the > EJ> login button I would like to send him to the correct page (which is > EJ> restricted) without forcing him to visit the login.jsp (the page > specified > EJ> as <form-login-page> in the web.xml). This seems natural since he has > EJ> already added his login data once. If the client is trying to access a > EJ> restricted page without using the fast login, then it is of course > desirable > EJ> that the container intercepts the call and shows the login form. > > EJ> What I have tried to do is to attache the username and the password in > the > EJ> http-parameter list (with post) when directing the user from the fast > login > EJ> form to a restricted area, and then to automatically forward the call to > the > EJ> j_security_check from the login.jsp if a password and a username is > attached > EJ> to the http-parameter list. The problem is that the Orion web-server > does > EJ> not accept the direct call to the j_security_check. > > EJ> Does anyone have any ideas about how to solve this problem? > > EJ> Below youŽll find my test login.jsp and the error message from the > EJ> web-browser. > > EJ> Best regards, > > EJ> Erik > > > EJ> login.jsp : > EJ> ---------------------------------------------------------------- > EJ> <html> > EJ> <head><title>Test System</title></head> > EJ> <body bgcolor="white"> > > EJ> <%! > EJ> private String username; > EJ> private String password; > > EJ> public void jspInit() { > EJ> //System.out.println("Running init..."); > EJ> } > > EJ> public void jspDestroy() { > > EJ> } > %>> > > EJ> <% > EJ> username = request.getParameter("username"); > EJ> password = request.getParameter("password"); > EJ> String j_username = username; > EJ> String j_password = password; > %>> > > EJ> <jsp:forward page=<%= "j_security_check;j_username=" + > EJ> java.net.URLEncoder.encode(j_username) + "&j_password=" + > EJ> java.net.URLEncoder.encode(j_password) %> > />> > > EJ> </body> > EJ> </html> > EJ> --------------------------------------------------------------------- > > EJ> Error message from web-browser : > EJ> > -------------------------------------------------------------------------- > EJ> java.lang.IllegalArgumentException: Resource > EJ> /j_security_check;j_username=pelle&j_password=pelle123 not found > EJ> at com.evermind[Orion/1.5.2 (build > EJ> 10460)].server.http.EvermindPageContext.forward(Unknown Source) > EJ> at /login.jsp._jspService(/login.jsp.java:49) > EJ> at com.orionserver[Orion/1.5.2 (build > EJ> 10460)].http.OrionHttpJspPage.service(Unknown Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._rad(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build > EJ> 10460)].server.http.JSPServlet.service(Unknown Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb._abe(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb._uec(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._cxb.forward(Unknown > EJ> Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ctb.reject(Unknown > EJ> Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._fod(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._ah._cwc(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._io._twc(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._io._gc(Unknown > Source) > EJ> at com.evermind[Orion/1.5.2 (build 10460)]._if.run(Unknown > Source) > EJ> > ---------------------------------------------------------------------------- > > > > > > EJ> -----Original Message----- > EJ> From: Douma, Ate [mailto:[EMAIL PROTECTED]] > EJ> Sent: den 18 februari 2002 12:26 > EJ> To: Orion-Interest > EJ> Subject: RE: Direct call to j_security_check when using form based > authori > EJ> zati on > > EJ> Define an secure url (e.g. /secure/requestedLogin) which forces the user > to > EJ> login (just as you described) and request it from a button or link on > the > EJ> public page you want. > EJ> When the user isn't logged in yet the servlet container will intercept > the > EJ> request and force the user to login remembering the requested url and > EJ> redirects the user to this original url after login. > EJ> From the destination page (your secure url) you can send a client side > EJ> redirect to the original (public) page or somewhere else (secure or > EJ> non-secure). > >>> -----Original Message----- >>> From: Erik Johansson [mailto:[EMAIL PROTECTED]] >>> Sent: Monday, February 18, 2002 10:39 AM >>> To: Orion-Interest >>> Subject: Direct call to j_security_check when using form based >>> authorizati on >>> >>> >>> >>> I am using form based authentication in my application. When >>> trying to >>> access a protected resource, the container automatically >>> prompts the login >>> form to the user, where he can fill in authentication info >>> (username and >>> password). >>> >>> Code from login.jsp: >>> >>> <form method="POST" action="j_security_check"> >>> <input type="text" name="j_username"> >>> <input type="password" name="j_password"> >>> </form> >>> >>> Here the Servlet-specification dictates that the action to be >>> called from >>> the login form must be j_security_check, and that the >>> parameters passed from >>> the form must have the names j_username and j_password. >>> >>> This way of logging in works very well. But this requires >>> that the user is >>> trying to access a restricted area of the application. I >>> would like to add >>> functionality to my application that allows the user to make >>> a direct login >>> from a public page, without landing at an intermediate login >>> page. Is there >>> a way to call the j_security_check directly from another >>> page? I have made >>> some experiments but I have not succeeded. >>> >>> Does anyone have any advices regarding this subject. I such a >>> case I would >>> be very thankful to hear. >>> >>> Erik Johansson >>> > > -- > Sergey G. Aslanov, > CBOSS Group, > Web-technologies department > mailto:[EMAIL PROTECTED] > tel: +7 095 7555655 > >