tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Berry" <>
Subject Programmatic session login?
Date Fri, 11 Apr 2003 22:46:48 GMT
I have a web app running under jboss/tomcat which has both public and
private components.  The private components are protected by declartive
security using a FORM authentication config.  All that works perfectly.
My challenge is that we want to support one scenario (a guest evaluation
login) in which the user follows a link from a public page to a private
page without being challenged for a login.  Obviously, this means that
somewhere in the code generating the "gateway" public page, something
has to happen that does the same thing as the j_security_check would
normally do internally -- that is, generate a session-persistent
authenticated identity.
I have a working LoginContext-based login system that can generate a
Principal object, and that results in a login that is successful in
accessing protected EJBs, so I know that part is working.  But the
identity generated only lasts for that one servlet request; on the next
access, the user is unauthenticated again.
Is there a way to do what I'm trying to do here?
Craig Berry

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message