AFAIK, no, there is no way to do it. Here at work we've built a whole
security framework that works hand-in-hand with J2EE security,
specifically to deal with shortcomings just like this.
In our framework, we have a filter who has a couple of functions, and one
of them is exactly what you describe. Since j_security_check is nothing
but a servlet that a request is redirected to when intercepted, you still
have the opportunity to have a filter fire, so you can grab j_username and
j_password if you wish and stick them in session (assuming it is created
already... you may have set things up to not have a session at that
point).
--
Frank W. Zammetti
Founder and Chief Software Architect
Omnytex Technologies
http://www.omnytex.com
On Mon, August 1, 2005 9:04 am, Chris Holden said:
> Hi, I am using the built in security constraints to password protect some
> directories in my app. It works fine, but I was wondering when someone
> uses the login form to get to the passworded directory or page, is it
> possible to get the username and/or password that the user submits in the
> j_security_check form? I'd like to be able to set a cookie or session
> variable with the persons username in after they log in so the next time
> they come back to the site they see a personalised greeting kind of thing.
>
> I've tried printing out all request attributes/parameters, session
> variables and cookies after and before login but apart from the sessionid
> there isnt anything set.
>
> Does anyone know how to do what I want?
>
>
> Cheers,
>
> Chris.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
