tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Warren Crossing <Warr...@nocode.com.au>
Subject AutoLogon J_Security_Check
Date Fri, 04 May 2001 05:09:14 GMT
hey all, 

i'm about to build a servlet class component that proactively &
automatically ( without being prompted ) logs the user into servlet security
and bypasses a browser request for j_security_check..

i plan to achieve this by using;
a static html page with a form on it
a known dummy protected page to trigger the j_security_check response.. 
a servlet class to receive the request
spoof the browser request to request dummy page,
log the user in trick =) repsond with j_user_name & j_password.
and getRequestDispatcher().forward to the target page..

i know its a little more tricky than this & so i'll ask if anyone is
interesed in the outcome.. or attempted this before with tomcat. i've done a
similar thing with weblogic servlet security.  and this functionality is
desireable to when merging my web portal into a web page interface.. but i
know its bad for guaranteed security.

regards,

warren.

Mime
View raw message