Quoting Matt Raible <[EMAIL PROTECTED]>: > Remember Me functionality with j_security_check has worked fine for me. > I just go to a LoginServlet from my loginForm, which sets cookies and > redirects to j_security_check. Then I map a Filter to check for those > cookies and logs the user in appropriately. More with code at: > > http://www.mail-archive.com/[EMAIL PROTECTED]/msg86636.html > > Complete code is available in my AppFuse application at: > > http://raibledesigns.com/wiki/Wiki.jsp?page=AppFuse > > HTH, > > Matt >
Filters are *not* required to be invoked on j_security_check invocations. In fact, Tomcat won't even enable the "j_security_check" url unless an unauthenticated user accesses a protected resource. Basically, I believe there is no guaranteed-to-be-portable way to implement "remember me" functionality on the server using container managed security. Craig > On Jan 12, 2004, at 8:41 PM, Max Cooper wrote: > > > Dipak, > > > > Are you certain that the filter will be invoked on the > > /j_security_check > > request when container-based security is used? I have not tested this, > > but > > it would not surprise me to find that some containers do not execute > > filters > > on /j_security_check requests. I don't know if the Servlet Spec says > > anything about this case. > > > > Chris, > > > > Another alternative to the original problem of security with "remember > > me" > > functionality will be available soon. A patch has been submitted to my > > SecurityFilter project (http://www.securityfilter.org/) to support > > "remember > > me" functionality. The integration should be complete soon, and a beta > > release will be made available once the integration is complete. > > SecurityFilter works very much like container-managed security > > otherwise, > > including the configuration format (except that you declare the > > constraints > > in a separate config file rather than web.xml). > > > > -Max > > > > ----- Original Message ----- > > From: "Parmar, Dipakkumar" <[EMAIL PROTECTED]> > > To: "Struts Users Mailing List" <[EMAIL PROTECTED]> > > Sent: Monday, January 12, 2004 7:43 AM > > Subject: RE: handling form based authentication w/ remember-me cookie > > > > > >> Hi Chris, > >> > >> You can do this using Servlet Filter. What you need to do is write > >> postLoginFilter that maps to the j_security_check url. > >> > >> In doFilter method, you can write your post login code after > >> j_security_check done is work. > >> > >> Something like: > >> public void doFilter(.....) > >> > >> // let the j_security_check to do it's work > >> chain.doFilter(request, response) > >> > >> // do you post login stuff here > >> > >> Regards, > >> Dipak Parmar > >> > >> > >> > >> -----Original Message----- > >> From: Chris Ruegger [mailto:[EMAIL PROTECTED] > >> Sent: Monday, January 12, 2004 9:53 AM > >> To: Struts Users Mailing List > >> Subject: handling form based authentication w/ remember-me cookie > >> > >> > >> I am using Struts and building a logon page to do Form-based > > authentication > >> under Tomcat. I want to also have a checkbox for the user to check > >> that > > says > >> "remember me" so that I can send them a cookie. I'm not sure how to > >> "intercept" > >> the form values because I have to post to j_security_check. How can I > >> get > >> the > >> check-box value, set up the cookie, and send them to j_security_check > >> with > >> struts? > >> > >> Thanks > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]