Re: re-Logon after session timeout

Thu, 06 Sep 2001 08:16:55 -0700 

"Ralph vd Houdt" <[EMAIL PROTECTED]> wrote:
> Hi Gregor,
> 
> This sound OK, Can you point me to documentation on this or give me
> additional information?
 
It is quite simple.

The "normal" login.jsp looks like this:

<form method="POST" action="j_security_check" >
Username: <input type="text" name="j_username"><br>
Password: <input type="password" name="j_password"><br> 
<br>
<input type="submit" value="login" name="j_security_check">
</form>


You would use something like this (for simplicity here pure JSP,
it can be done with Struts as well:


<form action='<%= respose.encodeUrl("/checklogin.jsp") %>' >
    User: <input name="user"><br>
    Company: <input name="company"><br>
    Password: <input name="password" type="password">
</form>

And checklogin.jsp would do something like this:

<%
  String j_username = 
    request.getParameter("company") + "/" + request.getParameter("user");
  String j_password = request.getParameter("password);
%>
<jsp:forward page='<%= "j_security_check?j_username=" + 
                        URLEncoder.encode(j_username) + 
                       "&j_password=" +
                        URLEncoder.encode(j_password) %>' /> 



Of course, the mapping logic from company+user to web-user can be 
more complex than simple concatenation with a "/" as separator.



Actually, I've never used it for such mapping. I've used it for
auto-login directly in the first login.jsp.

It checks to see, whether the user can be identified by a cookie and 
tries to retrieve the username/password from a database. Then, instead
of displaying the login form, it directly forwards to j_security_check.


groetjes

--
gR


 
> ----- Original Message -----
> From: "Gregor Rayman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, September 06, 2001 4:43 PM
> Subject: Re: re-Logon after session timeout
> 
> 
> > "Ralph vd Houdt" <[EMAIL PROTECTED]> wrote:
> >
> > > Hi Jon,
> > >
> > > This is not just what I want. I want to do a login based on 3 fields
> > > company/user/password and evaluate then to an EJB. The login should put
> an
> > > object in the session.
> > >
> > > Greetings Ralph
> >
> > You can do this with form based login as well.
> > Your form would not have the action "j_security_check", it would
> > point to another action which would map the three field to the
> > two (user/password) and forward to j_security_check.
> >
> > --
> > gR
> >
> >
> >
> 
>

Reply via email to