Re: [JBoss-user] update on automatic login

2003-03-05 Thread Ken Yee
Subject: Re: [JBoss-user] update on automatic login
Date: Wed, 5 Mar 2003 11:03:02 -0500
Reply-To: [EMAIL PROTECTED]

Wouldn't it be possible for you to perform a POST from within a servlet using the same JSESSIONID cookie that the user's brow

Re: [JBoss-user] update on automatic login

2003-03-05 Thread Neal Sanche
Wouldn't it be possible for you to perform a POST from within a servlet using the same JSESSIONID cookie that the user's browser sent, then forward their browser back to the page? The POST would simulate a FORM login, and if the cookie is the same the web application would think it was the user

[JBoss-user] update on automatic login

2003-03-05 Thread Ken Yee
FYI, this technique doesn't work:

- copy code out of JBossSecurityMgrRealm for login and stick in servlet that is not restricted w/ declarative security
- log in using this code, set REMOTE_USER header and set j_subject to be the Subject in the session

in case anyone else heads down this path.