tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Guillermo Payet <gpa...@oceangroup.com>
Subject Re: Forcing authentication
Date Thu, 08 Aug 2002 20:01:27 GMT

Hi Martin,

That sounds like a good idea.

I'll give it a shot and post my results here.

	thanks

	--G


On Thu, Aug 08, 2002 at 04:32:21PM +0200, Martin Jacobson wrote:
> Guillermo Payet wrote:
> 
> > Hi,
> > 
> > I've asked this one before, but got no answers, so here goes an 
> > "abridged" version.
> > 
> > I'd like to "force" a FORM authentication by somehow calling
> > /login/j_security_check from a jsp page, or doing something 
> > equivalent, so that the application can decide to "force" the
> > authentication of a session in some cases, whithout the user 
> > having to go through the login form.
> >  
> > We're using Tomcat 4.0.3
> >  
> > I found this pointer to a purported solution to our problem:
> >  
> >  http://www.apachelabs.org/tomcat-user/200105.mbox/%3C9005C0C9C85BD31181B2006008+5DAC8B10C8EF@tuvi.andmevara.ee%3E
> >  
> > But it ain't working.  I've tried all kinds of variations on this,
> > but I cannot figure out how to make it work. It seems that once a 
> > request is matched against auth constraints, (which happens when the
> > registration page is first loaded) it will not be matched again. 
> > This means that any redirection of the request to j_security_check 
> > just returns a 404, since authenticate() is never called again and so 
> > it fails to intercept the request and authenticate the session.
> > 
> > Any ideas??  Any help is appreciated!
> >  
> 
> 
> Caveat: I haven't tried the following, so I don't know whether it'll 
> work...
> 
> Use FORM authentication, but with a combined registration & login form. 
> Place a filter in front of j_security_check that picks the registration 
> data from the form, registers them, so that when the filter exits, 
> j_security_check then discovers a valid account.
> 
> Hope this helps,
> 
> Martin
> 
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 

-- 
Guillermo Payet
O C E A N    G R O U P
email: gpayet@oceangroup.com
web: http://www.oceangroup.com

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message