RE: Re[2]: Direct call to j_security_check when using form based authorization
Isn't RoleManager specific to Orion Server, only? Is there a way to accommodate this without using Orion specific extensions?

-AP_

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Erik Johansson
Sent: Tuesday, February 19, 2002 7:38 AM
To: Orion-Interest
Subject: RE: Re[2]: Direct call to j_security_check when using form based authorization

Thank you Jan and Sergey for your advice. With help from you I have managed to solve my problem.

Best regards,
Erik

-Original Message-
From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]]
Sent: den 19 februari 2002 09:00
To: Orion-Interest
Subject: Re[2]: Direct call to j_security_check when using form based authorization

Hi, Erik

You can login your user in program way by using RoleManager.

In your main page make form:

Your login.jsp is something like that:

    RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
    try {
        roleManager.login(request.getParameter("username"), request.getParameter("password"));
    } catch (SecurityException ex) {
        // login failed: send the user back and stop, so no second redirect is attempted
        response.sendRedirect("main.jsp");
        return;
    }
    response.sendRedirect("your_protected_page.jsp"); // your protected page have to be protected in web.xml

I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:

EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as in the web.xml). This seems natural since he has
EJ> already added his login data once.
EJ> If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form.
EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username is attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.
EJ> Does anyone have any ideas about how to solve this problem?
EJ> Below you'll find my test login.jsp and the error message from the
EJ> web-browser.
EJ> Best regards,
EJ> Erik
EJ> login.jsp :
EJ>
EJ>
EJ> Test System
EJ>
EJ> <%!
EJ> private String username;
EJ> private String password;
EJ> public void jspInit() {
EJ> //System.out.println("Running init...");
EJ> }
EJ> public void jspDestroy() {
EJ> } %>>
EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username;
EJ> String j_password = password; %>>
EJ> mailto:[EMAIL PROTECTED]]
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based authorization
EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).
>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based authorization
>>
>> I am using form based authentication in my application. When trying to
>> access a protected resource, the container automatically prompts the login
>> form to the user, where he can fill in authentication info (username and
>> password).
>>
>> Code from login.jsp:
>>
RE: Re[2]: Direct call to j_security_check when using form based authorization
Thank you Jan and Sergey for your advice. With help from you I have managed to solve my problem.

Best regards,
Erik

-Original Message-
From: Sergey G. Aslanov [mailto:[EMAIL PROTECTED]]
Sent: den 19 februari 2002 09:00
To: Orion-Interest
Subject: Re[2]: Direct call to j_security_check when using form based authorization

Hi, Erik

You can login your user in program way by using RoleManager.

In your main page make form:

Your login.jsp is something like that:

    RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
    try {
        roleManager.login(request.getParameter("username"), request.getParameter("password"));
    } catch (SecurityException ex) {
        // login failed: send the user back and stop, so no second redirect is attempted
        response.sendRedirect("main.jsp");
        return;
    }
    response.sendRedirect("your_protected_page.jsp"); // your protected page have to be protected in web.xml

I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:

EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as in the web.xml). This seems natural since he has
EJ> already added his login data once. If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form.
EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username is attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.
EJ> Does anyone have any ideas about how to solve this problem?
EJ> Below you'll find my test login.jsp and the error message from the
EJ> web-browser.
EJ> Best regards,
EJ> Erik
EJ> login.jsp :
EJ>
EJ>
EJ> Test System
EJ>
EJ> <%!
EJ> private String username;
EJ> private String password;
EJ> public void jspInit() {
EJ> //System.out.println("Running init...");
EJ> }
EJ> public void jspDestroy() {
EJ> } %>>
EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username;
EJ> String j_password = password; %>>
EJ> mailto:[EMAIL PROTECTED]]
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based authorization
EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).
>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based authorization
>>
>> I am using form based authentication in my application. When trying to
>> access a protected resource, the container automatically prompts the login
>> form to the user, where he can fill in authentication info (username and
>> password).
>>
>> Code from login.jsp:
>>
>> Here the Servlet-specification dictates that the action to be called from
>> the login form must be j_security_check, and that the parameters passed from
>> the form must have the names j_username and j_password.
>>
>> This way of logging in works very well. But this requires tha
Re[2]: Direct call to j_security_check when using form based authorization
Hi, Erik

You can login your user in program way by using RoleManager.

In your main page make form:

Your login.jsp is something like that:

    RoleManager roleManager = (RoleManager) new InitialContext().lookup("java:comp/RoleManager");
    try {
        roleManager.login(request.getParameter("username"), request.getParameter("password"));
    } catch (SecurityException ex) {
        // login failed: send the user back and stop, so no second redirect is attempted
        response.sendRedirect("main.jsp");
        return;
    }
    response.sendRedirect("your_protected_page.jsp"); // your protected page have to be protected in web.xml

I didn't ever try to do it for myself, but I think it will help you.

Monday, February 18, 2002, 10:29:42 PM, you wrote:

EJ> Thank you for your answer. I understand what you mean, but I am afraid I did
EJ> not specify my problem enough.
EJ> I would like to have a login form (fast login) on my public page where a
EJ> visitor can directly insert username and password. When the client presses the
EJ> login button I would like to send him to the correct page (which is
EJ> restricted) without forcing him to visit the login.jsp (the page specified
EJ> as in the web.xml). This seems natural since he has
EJ> already added his login data once. If the client is trying to access a
EJ> restricted page without using the fast login, then it is of course desirable
EJ> that the container intercepts the call and shows the login form.
EJ> What I have tried to do is to attach the username and the password in the
EJ> http-parameter list (with post) when directing the user from the fast login
EJ> form to a restricted area, and then to automatically forward the call to the
EJ> j_security_check from the login.jsp if a password and a username is attached
EJ> to the http-parameter list. The problem is that the Orion web-server does
EJ> not accept the direct call to the j_security_check.
EJ> Does anyone have any ideas about how to solve this problem?
EJ> Below you'll find my test login.jsp and the error message from the
EJ> web-browser.
EJ> Best regards,
EJ> Erik
EJ> login.jsp :
EJ>
EJ>
EJ> Test System
EJ>
EJ> <%!
EJ> private String username;
EJ> private String password;
EJ> public void jspInit() {
EJ> //System.out.println("Running init...");
EJ> }
EJ> public void jspDestroy() {
EJ> } %>>
EJ> <%
EJ> username = request.getParameter("username");
EJ> password = request.getParameter("password");
EJ> String j_username = username;
EJ> String j_password = password; %>>
EJ> mailto:[EMAIL PROTECTED]]
EJ> Sent: den 18 februari 2002 12:26
EJ> To: Orion-Interest
EJ> Subject: RE: Direct call to j_security_check when using form based authorization
EJ> Define a secure url (e.g. /secure/requestedLogin) which forces the user to
EJ> login (just as you described) and request it from a button or link on the
EJ> public page you want.
EJ> When the user isn't logged in yet the servlet container will intercept the
EJ> request and force the user to login remembering the requested url and
EJ> redirects the user to this original url after login.
EJ> From the destination page (your secure url) you can send a client side
EJ> redirect to the original (public) page or somewhere else (secure or
EJ> non-secure).

>> -Original Message-
>> From: Erik Johansson [mailto:[EMAIL PROTECTED]]
>> Sent: Monday, February 18, 2002 10:39 AM
>> To: Orion-Interest
>> Subject: Direct call to j_security_check when using form based authorization
>>
>> I am using form based authentication in my application. When trying to
>> access a protected resource, the container automatically prompts the login
>> form to the user, where he can fill in authentication info (username and
>> password).
>>
>> Code from login.jsp:
>>
>> Here the Servlet-specification dictates that the action to be called from
>> the login form must be j_security_check, and that the parameters passed from
>> the form must have the names j_username and j_password.
>>
>> This way of logging in works very well.
>> But this requires that the user is trying to access a restricted area of the
>> application. I would like to add functionality to my application that allows
>> the user to make a direct login from a public page, without landing at an
>> intermediate login page. Is there a way to call the j_security_check directly
>> from another page? I have made some experiments but I have not succeeded.
>>
>> Does anyone have any advice regarding this subject? In such a case I would
>> be very thankful to hear.
>>
>> Erik Johansson
>>

--
Sergey G. Aslanov, CBOSS Group, Web-technologies department
mailto:[EMAIL PROTECTED]
tel: +7 095 7555655
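
A container-neutral form of the programmatic "fast login" discussed in this thread, as an added example that is not part of any message above. It goes beyond the thread by using the standard HttpServletRequest.login (Servlet 3.0 and later) where the thread uses Orion's RoleManager. Assumptions: a Servlet 3.1+ container with the javax.servlet API; the servlet path, the two page paths and the loginError parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not code from the thread. Assumes a Servlet 3.1+ container.
// The servlet path, page paths and "loginError" parameter are hypothetical.
@WebServlet("/fastLogin")
public class FastLoginServlet extends HttpServlet {
    // Fixed targets: the destination is never read from a request parameter.
    private static final String PUBLIC_PAGE = "/main.jsp";
    private static final String PROTECTED_PAGE = "/secure/home.jsp";

    // Only doPost is implemented, so HttpServlet rejects GET and
    // credentials are never accepted from a URL query string.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Locals, not instance fields: a servlet/JSP instance is shared by
        // concurrent requests, so fields would mix up users' credentials.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        String base = request.getContextPath();

        if (request.getUserPrincipal() != null) {
            // Already authenticated; login() would throw in this state.
            response.sendRedirect(base + PROTECTED_PAGE);
            return;
        }
        if (username == null || password == null) {
            response.sendRedirect(base + PUBLIC_PAGE + "?loginError=1");
            return;
        }
        try {
            // Standard API: validates against the realm configured for the web app.
            request.login(username, password);
        } catch (ServletException ex) {
            // Failed login: redirect and stop, so no second redirect is attempted.
            response.sendRedirect(base + PUBLIC_PAGE + "?loginError=1");
            return;
        }
        // Issue a fresh session ID after authentication (session fixation defence).
        request.getSession(true);
        request.changeSessionId();
        response.sendRedirect(base + PROTECTED_PAGE);
    }
}
```

The protected page still needs its security-constraint in web.xml, so that requests arriving without the fast login are intercepted by the container and sent to the regular login form.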