tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joel Baker" <n...@news.jb21.net>
Subject Customising the logic behind Container Authentication (j_security_check)
Date Sun, 05 May 2002 03:54:59 GMT
Hi there,

The webapp I'm currently developing uses the j_security_check method of
authentication.
That is, when authentication is required (ie: when a client tries to access
a restricted resource) the client gets directed to the file specified in the
<form-login-page> tag in my web.xml file - in this case this file is
login.jsp. This JSP presents a form to the client whose action is
j_security_check, an internal Tomcat servlet (though it is more general than
Tomcat, being in the Servlet spec) that processes this response.
When the user is authenticated, based on her username and password, by the
j_security_check servlet she is returned to the resource she first
requested.

However, I am needing to set further login tokens based on the username and
password given and am thus looking to somehow intercept the j_security_check
servlet - ideally without rewriting it.
This is because I am trying to create an authentication token for a third
party web application (and thus creating single sign on as the third party
web app doesn't use tomcat container authentication) at the same time as
logging into the main site.

If anyone has any ideas I would be, of course, very grateful.

Joel Baker.


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message