RE: Re[2]: Direct call to j_security_check when using form based authorization

2002-02-19 Thread Alex Paransky

Isn't RoleManager specific to Orion Server, only?  Is there a way to
accommodate this without using Orion specific extensions?

-AP_

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Erik Johansson
Sent: Tuesday, February 19, 2002 7:38 AM
To: Orion-Interest
Subject: RE: Re[2]: Direct call to j_security_check when using form
based authori zati on



Thank you Jan and Sergey for your advice. With help from you I have managed
to solve my problem.

Best regards,

Erik


-Original Message-
From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]]
Sent: den 19 februari 2002 09:00
To: Orion-Interest
Subject: Re[2]: Direct call to j_security_check when using form based
authori zati on

Hi, Erik

You can log in your user programmatically by using RoleManager.

In your main page, make a form:

  
  


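Your login.jsp is something like this:

<%@ page import="javax.naming.InitialContext, com.evermind.security.RoleManager" %>
<%
// look up Orion's RoleManager through JNDI
RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
try {
    roleManager.login(request.getParameter("username"), request.getParameter("password"));
} catch (SecurityException ex) {
    // login failed: back to the public page, and stop here so that the
    // second sendRedirect below does not run on the same response
    response.sendRedirect("main.jsp");
    return;
}
response.sendRedirect("your_protected_page.jsp");
// your protected page has to be protected in web.xml
%>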


I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:


EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as  in the web.xml). This seems natural since he has
EJ> already added his login data once. If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form.

EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username are attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.

EJ> Does anyone have any ideas about how to solve this problem?

EJ> Below you´ll find my test login.jsp and the error message from the
EJ> web-browser.

EJ> Best regards,

EJ> Erik


EJ> login.jsp :
EJ> 
EJ> 
EJ> Test System
EJ> 

EJ> <%!
EJ> private String username;
EJ> private String password;

EJ> public void jspInit() {
EJ> //System.out.println("Running init...");
EJ> }

EJ> public void jspDestroy() {

EJ> }
EJ> %>

EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username;
EJ> String j_password = password;
EJ> %>

EJ> mailto:[EMAIL PROTECTED]]
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based
authori
EJ> zati on

EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).

>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based
>> authorizati on
>>
>>
>>
>> I am using form based authentication in my application. When
>> trying to
>> access a protected resource, the container automatically
>> prompts the login
>> form to the user, where he can fill in authentication info
>> (username and
>> password).
>>
>> Code from login.jsp:
>>
>> 
>> 
>> 
>> 

RE: Re[2]: Direct call to j_security_check when using form based authorization

2002-02-19 Thread Erik Johansson


Thank you Jan and Sergey for your advice. With help from you I have managed
to solve my problem.

Best regards,

Erik


-Original Message-
From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]] 
Sent: den 19 februari 2002 09:00
To: Orion-Interest
Subject: Re[2]: Direct call to j_security_check when using form based
authori zati on

Hi, Erik

You can log in your user programmatically by using RoleManager.

In your main page, make a form:

  
  


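Your login.jsp is something like this:

<%@ page import="javax.naming.InitialContext, com.evermind.security.RoleManager" %>
<%
// look up Orion's RoleManager through JNDI
RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
try {
    roleManager.login(request.getParameter("username"), request.getParameter("password"));
} catch (SecurityException ex) {
    // login failed: back to the public page, and stop here so that the
    // second sendRedirect below does not run on the same response
    response.sendRedirect("main.jsp");
    return;
}
response.sendRedirect("your_protected_page.jsp");
// your protected page has to be protected in web.xml
%>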


I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:


EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as  in the web.xml). This seems natural since he has
EJ> already added his login data once. If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form.

EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username are attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.

EJ> Does anyone have any ideas about how to solve this problem? 

EJ> Below you´ll find my test login.jsp and the error message from the
EJ> web-browser.

EJ> Best regards,

EJ> Erik


EJ> login.jsp :
EJ> 
EJ> 
EJ> Test System
EJ> 

EJ> <%!
EJ> private String username;
EJ> private String password;

EJ> public void jspInit() { 
EJ> //System.out.println("Running init...");
EJ> }

EJ> public void jspDestroy() {

EJ> }
EJ> %>

EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username; 
EJ> String j_password = password; 
EJ> %>

EJ> mailto:[EMAIL PROTECTED]] 
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based
authori
EJ> zati on

EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).

>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based
>> authorizati on
>> 
>> 
>> 
>> I am using form based authentication in my application. When 
>> trying to 
>> access a protected resource, the container automatically 
>> prompts the login
>> form to the user, where he can fill in authentication info 
>> (username and
>> password). 
>> 
>> Code from login.jsp:
>> 
>> 
>> 
>> 
>> 
>> 
>> Here the Servlet-specification dictates that the action to be 
>> called from
>> the login form must be j_security_check, and that the 
>> parameters passed from
>> the form must have the names j_username and j_password.
>> 
>> This way of logging in works very well. But this requires 
>> tha

Re[2]: Direct call to j_security_check when using form based authorization

2002-02-19 Thread Sergey G. Aslanov

Hi, Erik

You can log in your user programmatically by using RoleManager.

In your main page, make a form:

  
  


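Your login.jsp is something like this:

<%@ page import="javax.naming.InitialContext, com.evermind.security.RoleManager" %>
<%
// look up Orion's RoleManager through JNDI
RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
try {
    roleManager.login(request.getParameter("username"), request.getParameter("password"));
} catch (SecurityException ex) {
    // login failed: back to the public page, and stop here so that the
    // second sendRedirect below does not run on the same response
    response.sendRedirect("main.jsp");
    return;
}
response.sendRedirect("your_protected_page.jsp");
// your protected page has to be protected in web.xml
%>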


I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:


EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as  in the web.xml). This seems natural since he has
EJ> already added his login data once. If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form. 

EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username are attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.

EJ> Does anyone have any ideas about how to solve this problem? 

EJ> Below you´ll find my test login.jsp and the error message from the
EJ> web-browser.

EJ> Best regards,

EJ> Erik


EJ> login.jsp :
EJ> 
EJ> 
EJ> Test System
EJ> 

EJ> <%!
EJ> private String username;
EJ> private String password;

EJ> public void jspInit() { 
EJ> //System.out.println("Running init...");
EJ> }

EJ> public void jspDestroy() {

EJ> }
EJ> %>

EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username; 
EJ> String j_password = password; 
EJ> %>

EJ> mailto:[EMAIL PROTECTED]] 
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based authori
EJ> zati on

EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).

>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based
>> authorizati on
>> 
>> 
>> 
>> I am using form based authentication in my application. When 
>> trying to 
>> access a protected resource, the container automatically 
>> prompts the login
>> form to the user, where he can fill in authentication info 
>> (username and
>> password). 
>> 
>> Code from login.jsp:
>> 
>> 
>> 
>> 
>> 
>> 
>> Here the Servlet-specification dictates that the action to be 
>> called from
>> the login form must be j_security_check, and that the 
>> parameters passed from
>> the form must have the names j_username and j_password.
>> 
>> This way of logging in works very well. But this requires 
>> that the user is
>> trying to access a restricted area of the application. I 
>> would like to add
>> functionality to my application that allows the user to make 
>> a direct login
>> from a public page, without landing at an intermediate login 
>> page. Is there
>> a way to call the j_security_check directly from another 
>> page? I have made
>> some experiments but I have not succeeded. 
>> 
>> Does anyone have any advice regarding this subject? In such a 
>> case I would
>> be very thankful to hear.
>> 
>> Erik Johansson
>> 

-- 
Sergey G. Aslanov,
CBOSS Group,
Web-technologies department
mailto:[EMAIL PROTECTED]
tel: +7 095 7555655
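
A container-neutral form of the programmatic login discussed in this thread, as an added example that is not code from any of the posters: on Servlet 3.0 and later containers, HttpServletRequest.login() runs the container's own credential check without Orion's RoleManager. The servlet name, the /fastLogin mapping and the page names are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical target of the "fast login" form on the public page (assumed names).
@WebServlet("/fastLogin")
public class FastLoginServlet extends HttpServlet {
    private static final String PUBLIC_PAGE = "/main.jsp";
    private static final String PROTECTED_PAGE = "/your_protected_page.jsp";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null || !authenticate(request, username, password)) {
            // Failed login: back to the public page, and stop so only one redirect is sent.
            response.sendRedirect(request.getContextPath() + PUBLIC_PAGE);
            return;
        }
        // Fresh session id after authentication (Servlet 3.1), so an id fixed
        // before login is not carried into the authenticated session.
        request.getSession(true);
        request.changeSessionId();
        // Fixed server-side target, never taken from a request parameter.
        // The page itself stays protected in web.xml.
        response.sendRedirect(request.getContextPath() + PROTECTED_PAGE);
    }

    // Credential check done by the container against the application's realm;
    // the password is never compared in application code.
    private static boolean authenticate(HttpServletRequest request, String username, String password) {
        if (request.getUserPrincipal() != null) {
            return true; // already logged in; login() would throw in this state
        }
        try {
            request.login(username, password);
            return true;
        } catch (ServletException ex) {
            return false; // bad credentials, or login not supported by the container
        }
    }
}
```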