tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: j_security_check requires session
Date Wed, 24 Sep 2008 15:29:59 GMT
discip@pjm.com wrote:
> I am having a problem posting credentials to j_security_check for
> form-based authentication.
>  
> It seems that tomcat expects that I already have a session established
> before posting the username and password.  If I don't already have a
> JSESSIONID cookie, j_security_check returns a 408.  Unfortunately, I
> have another application attempting to talk to this one that requires
> that the first thing it does is post credentials to the
> j_security_check, so I have no mechanism of hitting another page first
> to establish a session.
>  
> This mechanism worked fine with BEA Weblogic, but it seems that tomcat's
> handling of j_security_check is different.  Does anyone know of any
> options to modify the behavior of j_security_check so that it would just
> do the authentication and establish the session in one shot at the time
> of the POST request?

Sorry, no. That isn't the way the spec is written.

However, http://securityfilter.sourceforge.net/ should do exactly what you
want.

Mark



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message