6 Replies Latest reply on Apr 19, 2005 9:17 AM by ricardoarguello

    j_security_check

    milkygto

      Hey,

      Where can we find out more information about j_security_check servlet?
      Is there any way to wrap this so when it won't expose to the users when I am doing jaas login in jsp?

      I know that response.sendRedirect("/j_security_check") will not work, what is the alternative solution?

      Thanks,

      Michael

        • 1. Re: j_security_check
          felderr

          Hello,

          you can implement your own Authenticator. For Tomcat look at the implementation:

          org.apache.catalina.authenticator.FormAuthenticator

          Redirection to CONTEXT_ROOT/j_security_check should work. I used the following within Struts:

          response.sendRedirect(contextPath + "/j_security_check?j_username=" + loginForm.getUsername() + "&j_password=" +loginForm.getPassword());

          Rene

          • 2. Re: j_security_check
            starksm64
            • 3. Re: j_security_check

              I am really having problems with j_security_check and STRUTS!

              Rene,

              Where do I put the redirect statment you mentioned earlier, should it go to the LoginAction class before the return mapping.findForward(IConstants.SUCCESS_KEY);

              and,

              how do I finally get to my "main" page after the j_security? Do I go the usual route via the struts-config.xml, i.e. define an action and go on frm there?

              I hope I am not being a pain but I have a due date coming up and my a.. is on fire!!!!

              • 4. Re: j_security_check
                ricardoarguello

                After authenticating with JAAS (posting to j_security_check) Tomcat redirects you to the page you intended to go in the first place. You can't control which page to go after you authenticate, If you try to go to /home.jsp and you have not authenticated yet, you get a login prompt. If you provide the correct user/password, you are redirected to /home.jsp, the one you intended to go to.

                Ricardo Arguello

                • 5. Re: j_security_check
                  jaejong

                  response.sendRedirect("CONTEXT_ROOT/j_security_check") will not work on jboss-4.0.0 with tomcat-5.0.28 but jboss-3.2.6 with tomcat-5.0.28 work well.
                  I can see 'GenericPrincipal[admin(admin,user)] in both versions.

                  When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
                  Are there deferences between two versions?

                  • 6. Re: j_security_check
                    ricardoarguello

                     

                    "jaejong" wrote:
                    When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
                    Are there deferences between two versions?


                    That's a known 4.0.0 bug, please try 4.0.1 or 4.0.1SP1, the latest release.

                    Ricardo Arguello