-
1. Re: Programmatic authentication...
dgood Jul 19, 2002 10:57 AM (in response to kpseal)You can do it this way (but only from a servlet)
response.sendRedirect("j_security_check?j_username=&j_password=");
I'm not sure how well this would work if there is no redirect URL stored on the session - but that might be something you could fake.
David -
2. Re: Programmatic authentication...
kpseal Jul 20, 2002 8:33 AM (in response to kpseal)That's not particularly practical since, as you point out, it'll probably be a direct reference to the login action.
I've tried using this (refers to my application policy called "Users" using a custom LoginModule):
[pre]
new LoginContext("Users", new UsernamePasswordHandler(username, password.toCharArray()).login();
[/pre]
It seems to work (ie, doesn't throw a LoginException) but subsequent HttpServletRequests still have a null user Principal. Presumably access to secured EJBs will work, though.
Can someone tell me how to set the Principal that the Servlet container (in this case Catalina) associates with a particular session?
Many thanks in advance. -
3. Re: Programmatic authentication...
mattvincent Jul 20, 2002 4:16 PM (in response to kpseal)...Just asked a similar question (currently unanswered)
http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ -
4. Re: Programmatic authentication...
simon.nicholls Dec 10, 2002 9:22 AM (in response to kpseal)It definitely works, but I use two redirects - one within the "login" page to a protected resource for post-login processing etc, and one sneakily inside the login page. It can be done using POST as well as GET.
http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ way, the container does all the work it's supposed to, and there's little risk of losing portability.