tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Jacobson <marti...@libero.it>
Subject Re: Forcing authentication
Date Thu, 08 Aug 2002 14:32:21 GMT
Guillermo Payet wrote:

> Hi,
> 
> I've asked this one before, but got no answers, so here goes an 
> "abridged" version.
> 
> I'd like to "force" a FORM authentication by somehow calling
> /login/j_security_check from a jsp page, or doing something 
> equivalent, so that the application can decide to "force" the
> authentication of a session in some cases, whithout the user 
> having to go through the login form.
>  
> We're using Tomcat 4.0.3
>  
> I found this pointer to a purported solution to our problem:
>  
>  http://www.apachelabs.org/tomcat-user/200105.mbox/%3C9005C0C9C85BD31181B2006008+5DAC8B10C8EF@tuvi.andmevara.ee%3E
>  
> But it ain't working.  I've tried all kinds of variations on this,
> but I cannot figure out how to make it work. It seems that once a 
> request is matched against auth constraints, (which happens when the
> registration page is first loaded) it will not be matched again. 
> This means that any redirection of the request to j_security_check 
> just returns a 404, since authenticate() is never called again and so 
> it fails to intercept the request and authenticate the session.
> 
> Any ideas??  Any help is appreciated!
>  


Caveat: I haven't tried the following, so I don't know whether it'll 
work...

Use FORM authentication, but with a combined registration & login form. 
Place a filter in front of j_security_check that picks the registration 
data from the form, registers them, so that when the filter exits, 
j_security_check then discovers a valid account.

Hope this helps,

Martin



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message