Re: handling form based authentication w/ remember-me cookie

Mon, 12 Jan 2004 21:22:59 -0800

Remember Me functionality with j_security_check has worked fine for me. I just go to a LoginServlet from my loginForm, which sets cookies and redirects to j_security_check. Then I map a Filter to check for those cookies and logs the user in appropriately. More with code at:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg86636.html

Complete code is available in my AppFuse application at:

http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuse

HTH,

Matt

On Jan 12, 2004, at 8:41 PM, Max Cooper wrote:

Dipak,

Are you certain that the filter will be invoked on the /j_security_check
request when container-based security is used? I have not tested this, but
it would not surprise me to find that some containers do not execute filters
on /j_security_check requests. I don't know if the Servlet Spec says
anything about this case.

Chris,

Another alternative to the original problem of security with "remember me"
functionality will be available soon. A patch has been submitted to my
SecurityFilter project (http://www.securityfilter.org/) to support "remember
me" functionality. The integration should be complete soon, and a beta
release will be made available once the integration is complete.
SecurityFilter works very much like container-managed security otherwise,
including the configuration format (except that you declare the constraints
in a separate config file rather than web.xml).

-Max

----- Original Message -----
From: "Parmar, Dipakkumar" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, January 12, 2004 7:43 AM
Subject: RE: handling form based authentication w/ remember-me cookie


Hi Chris,

You can do this using Servlet Filter.  What you need to do is write
postLoginFilter that maps to the j_security_check url.

In doFilter method, you can write your post login code after
j_security_check done is work.

Something like:
public void doFilter(.....)

// let the j_security_check to do it's work
chain.doFilter(request, response)

// do you post login stuff here

Regards,
Dipak Parmar



-----Original Message-----
From: Chris Ruegger [mailto:[EMAIL PROTECTED]
Sent: Monday, January 12, 2004 9:53 AM
To: Struts Users Mailing List
Subject: handling form based authentication w/ remember-me cookie


I am using Struts and building a logon page to do Form-based
authentication
under Tomcat. I want to also have a checkbox for the user to check that
says
"remember me" so that I can send them a cookie. I'm not sure how to
"intercept"
the form values because I have to post to j_security_check. How can I get
the
check-box value, set up the cookie, and send them to j_security_check with
struts?

Thanks


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to