tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Jacobson <>
Subject Re: Forcing authentication
Date Thu, 08 Aug 2002 14:32:21 GMT
Guillermo Payet wrote:

> Hi,
> I've asked this one before, but got no answers, so here goes an 
> "abridged" version.
> I'd like to "force" a FORM authentication by somehow calling
> /login/j_security_check from a jsp page, or doing something 
> equivalent, so that the application can decide to "force" the
> authentication of a session in some cases, whithout the user 
> having to go through the login form.
> We're using Tomcat 4.0.3
> I found this pointer to a purported solution to our problem:
> But it ain't working.  I've tried all kinds of variations on this,
> but I cannot figure out how to make it work. It seems that once a 
> request is matched against auth constraints, (which happens when the
> registration page is first loaded) it will not be matched again. 
> This means that any redirection of the request to j_security_check 
> just returns a 404, since authenticate() is never called again and so 
> it fails to intercept the request and authenticate the session.
> Any ideas??  Any help is appreciated!

Caveat: I haven't tried the following, so I don't know whether it'll 

Use FORM authentication, but with a combined registration & login form. 
Place a filter in front of j_security_check that picks the registration 
data from the form, registers them, so that when the filter exits, 
j_security_check then discovers a valid account.

Hope this helps,


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message