-
1. Re: Possible? User login via URL parameters
sradford Jun 18, 2003 8:51 AM (in response to sradford)Well I've been digging into my problem and come up with the following...
as an example if I protect all of my webapp and GET the following:
http://localhost:8080/myApp/welcome.jsp/j_security_check?j_username=sean&j_password=hmm
I get the following log:
2003-06-18 13:32:14,701 DEBUG [org.jboss.jetty.security.JBossUserRealm#MyApplicationRealm] JBossUserPrincipal: sean
2003-06-18 13:32:14,701 DEBUG [org.jboss.jetty.security.JBossUserRealm#MyApplicationRealm] created JBossUserRealm::JBossUserPrincipal: sean
2003-06-18 13:32:14,701 DEBUG [org.jboss.jetty.security.JBossUserRealm#MyApplicationRealm] authenticating: Name:sean Password:****
2003-06-18 13:32:14,702 DEBUG [com.aegeus.itrustjaas.MyLoginModule] initialized
2003-06-18 13:32:14,702 DEBUG [com.aegeus.itrustjaas.MyLoginModule] enter getUsersPassword()
2003-06-18 13:32:14,703 DEBUG [com.aegeus.itrustjaas.MyLoginModule] enter getRoleSets()
2003-06-18 13:32:14,703 DEBUG [org.jboss.jetty.security.JBossUserRealm#MyApplicationRealm] authenticated: sean
2003-06-18 13:32:14,703 DEBUG [org.jboss.jetty.security.JBossUserRealm#MyApplicationRealm] setting JAAS subjectAttributeName(j_subject) : Subject:
Principal: john
Principal: Roles
2003-06-18 13:32:14,824 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/template.jsp'.
2003-06-18 13:32:14,825 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/htmlhead.jsp'.
2003-06-18 13:32:14,827 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/header.jsp'.
2003-06-18 13:32:14,827 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/menu.jsp'.
2003-06-18 13:32:14,829 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/actionerrors.jsp'.
2003-06-18 13:32:14,830 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/actionmessages.jsp'.
2003-06-18 13:32:14,831 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/loginerror_content.jsp'.
2003-06-18 13:32:14,832 DEBUG [org.apache.struts.taglib.tiles.InsertTag] insert page='/WEB-INF/footer.jsp'.
2003-06-18 13:37:51,640 DEBUG [org.jboss.resource.connectionmanager.IdleRemover] run: IdleRemover notifying pools, interval: 450000
From the log you can see that authenitcation is happening, but then I am being re-directed to the loginerror page!!
(normal form-based login is working by the way)
It seems to be something to do with the __J_URI session attribute not being set, but in the source code (FormAuthenticator.authenticate) if that isn't found it should defualt to the root of the context.
Any ideas much, much, MUCH appreciated,
Regards,
Sean -
2. Re: Possible? User login via URL parameters
j_agra Jun 23, 2003 9:54 AM (in response to sradford)
What you want is not possible without changing web server source.
I presume you are using jetty because, with tomcat, direct access to j_security_check isn't possible at all.
If you have a previous establisehd valid session cookie you can use it in your url with :
http://server:port/path1/page.jsp;jsessionid=xpto
If you want to create a new session, then dive into the code :( -
3. Re: Possible? User login via URL parameters
mfk786 Oct 28, 2003 7:43 AM (in response to sradford)Hi
Does j_uri work at all with JBoss? If so how could it be used?
I have tried having it as a hidden field in the login.jsp but does not have any affect.
Thanka -
4. Re: Possible? User login via URL parameters
juha Nov 1, 2003 8:37 AM (in response to sradford)j_uri
Optional Resin extension for the successful display page.
-- Juha