Hi Matt and Abraham,
I would like to know why you say that you need to specify a login-form that does not have j_security-check as its action?
I am using this as the action and using Struts action classes to do the login?
-----Original Message-----
From: Abraham Kang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 4:25 PM
To: [EMAIL PROTECTED]
Subject: RE: Form-based Authentication
Hi Matt,
I have done this successfully with WebLogic 6.0 and 5.1 and JRun 3.1.
Here is what I learned.
If you need to do login preprocessing you will need to specify a
login-form that does not have j_security_check as its action. This login
form will submit to non-secured servlet. This servlet will do the
pre-processing and then forward the j_username and j_password to
j_security_check.
If you need post authentication routines then you will have to sniff the
session attribute that the requested URL was stored under. In WebLogic this
is "_wl_formauth_url". When they get to the login page you will need to
replace this attribute("_wl_formauth_url") with the post-processing servlet
URL. At the same time you will need to store the original value of session
attribute ("_wl_formauth_url") to some other key in the session that the
post-processing servlet can use to redirect the user to their desired url
after post processing.
Hope This Helps,
Abraham
> -----Original Message-----
> From: Matt Raible [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 3:14 PM
> To: [EMAIL PROTECTED]
> Subject: Form-based Authentication
>
>
> Has anyone implemented form-based authentication and Struts as defined by
> the J2EE Blueprints?
>
> http://java.sun.com/j2ee/blueprints/packaging_deployment/descripto
> rs/index.h
> tml#1035772
>
> If so, any lessons learned from the appserver you deployed in?
>
> Thanks,
>
> Matt
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>