-
1. Re: Automatic login after submiting registration form
danl_thompson Sep 16, 2004 4:36 PM (in response to lou)The problem is, you are trying to get around JAAS
I'm pretty sure you have to force the guy to login, and I don't think there is any automatic login available.
Here's what we do, let him create a User ID, and either let him enter a password, or email him one.
Then direct him to a protected page, and he'll be redirected by J2EE to the login page. Once he authenticates there, he'll be passed to the page he wanted.
dt -
2. Re: Automatic login after submiting registration form
lou Sep 17, 2004 2:31 AM (in response to lou)Thanks for your hint danl, but this is not suitable for my needs. I still beleive it must be a way to tell to sec manager that I want to add my programaticaly authenticated subject to its cache.
Maybe Mr. Scott might have an ideea. Thanks. -
3. Re: Automatic login after submiting registration form
lretief Sep 17, 2004 6:15 AM (in response to lou)Not sure if I am understanding your requirements but...
Maybe using org.jboss.security.SecurityAssociation?
SecurityAssociation.setPrincipal(...);
SecurityAssociation.setCredential(...);
Note this is not portable across JAAS implementations (only works in JBoss at the moment).
Alternatively create a javax.security.auth.login.LoginContext and login().
Regards,
Lisa -
4. Re: Automatic login after submiting registration form
starksm64 Sep 17, 2004 11:18 AM (in response to lou)No, this will not work. You have to convince tomcat that the current session has been authenticated. This would require a custom valve and/or custom tomcat authenticator. Its a deep tomcat specific integration.
-
5. Re: Automatic login after submiting registration form
aparaapara Jun 7, 2005 12:00 PM (in response to lou)I need to do the same thing. Has anything changed since last year in this area? Can someone point me to where I can get more information about how to do this?
Thanks. -
6. Re: Automatic login after submiting registration form
schmidts Jun 7, 2005 3:08 PM (in response to lou)FWIW, I once had a similiar requirement (automatic login of web user). My pragmatic and simple solution then was to automatically submit a hidden form via javascript. Not really charming, but acceptable for an intranet-type application.