8 Replies Latest reply on Oct 5, 2002 4:34 AM by srshende

    override j_security_check

    redhonda

      This j_security_check, buried somewhere, is available in form-based. Is there a way to derive from that servlet so can add/extend some actions?

      Thanks for any help

        • 1. Re: override j_security_check

          This is app server specific. In the case of tomcat it is handled by the class:

          org.apache.catalina.authenticator.AuthenticatorBase

          You could extend or replace this class, and add it to your server.xml;

          • 2. Re: override j_security_check
            redhonda

            > This is app server specific. In the case of tomcat
            > it is handled by the class:
            >
            > org.apache.catalina.authenticator.AuthenticatorBase
            >
            > You could extend or replace this class, and add it
            > to your server.xml;




            I found org.apache.catalina.authenticator.FormAuthenticator from which I guess I can derive.

            Can anyone elaborate on what needed to be added to the descriptor files?

            • 3. Re: override j_security_check
              redhonda

              The WebLogic folks have a few solutions to this issue that can't be applied to JBoss. So, no JBoss users have tried to do this yet?

              • 4. Re: override j_security_check
                dmitry_ame

                Anybody knows what class do I have to extend/override for jetty?

                • 5. Re: override j_security_check
                  gregwilkins


                  There was a big discussion in JSR154 about deprecating j_security_check and adding and explicit login/logout method calls. But nobody could agree, so we dropped it again.

                  As it stands there is no standard way of extending the behaviour of j_security_check.

                  Jetty has both pluggable authenticators and realms, so you should be able to add your code in a non-standard way.
                  What are you trying to extends and I'll see if I can suggest the best way to do this.

                  I'll also have a look to see if I can open this up a bit in the next version of Jetty. I'll probably move authentication to a standard filter which will be able to be extended.

                  cheers




                  • 6. Re: override j_security_check
                    dmitry_ame

                    I'm trying to put user specific data into session context.

                    I't be nice to be able to do it base on the results from standard authentication, if the standard authentication fails don't even bother with custom user logic.

                    The solution I have for now is a filter that redirects the request to the j_security_check, not exactly what I need but works with an assumtion that the standard auth logic and my custom user specific logic always succed or fail together.

                    Dmitry

                    P.S. http://jboss.org/forums/thread.jsp?forum=49&thread=19373

                    • 7. Re: override j_security_check
                      l.g.


                      I't be nice to be able to do it base on the results from standard authentication, if the standard authentication fails don't even bother with custom user logic.


                      I'm using frames and javascript to to this.
                      Before submitting to j_security_check I submit user name to hidden frame and add it to the session.
                      If there is authentication error in LoginError.jsp you can remove user name from the session.

                      • 8. Re: override j_security_check
                        srshende

                        where can I find the source code of j_security_check file.
                        I mean what if I want to specify other file in action tag.
                        Will I be able to validate user.

                        Regds,
                        Sanjay