tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig McClanahan <Craig.McClana...@eng.sun.com>
Subject Re: j_security_check=??
Date Wed, 03 May 2000 20:21:09 GMT
Weilu Yao wrote:

> Dear All,
>
> I have a big stupid question.
>
> I visited the source file of
> ....examples/jsp/security/login/login.jsp
>
> I could not identify the target of action in the form.
> Here is the original code"
> --------------------------------------
> <html>
> <body>
> <h1>Login page for examples</h1>
>
> <form method="POST" action="j_security_check" >
> <input type="text" name="j_username">
> <input type="password" name="j_password">
>
> <input type="submit" name="j_security_check">
> </form>
>
> </body>
> </html>
> ----------------------------------------
> My question is: what does "j_securiry_check" stand for?
> I have been searching  for it around for about 3 days.
> Can anybody enlighten me?
>

The destination "j_security_check" is required by the Servlet 2.2 spec for
form-based authentication.  It allows specialized code inside the servlet
container to intercept this request and perform the required authentication
(the two field names are also required to be "j_username" and "j_password").
You will need to look at the sources of Tomcat to see how they are dealt
with.

You should also be sure to read the Tomcat release notes (doc/readme) that
will remind you that form-based login support in Tomcat 3.1 is very
experimental at this point.

>
> Thanks a million!
>
> Wei Lu
>

Craig McClanahan



Mime
View raw message