-
1. Re: Automatic Login to web app
niwhsa Oct 28, 2005 9:30 AM (in response to cmiles123)what is the error you are getting and please post the stack trace
-
2. Re: Automatic Login to web app
cmiles123 Oct 28, 2005 9:38 AM (in response to cmiles123)Hello,
Thanks for your response.
You either get a 400 or 404 HTTP error code and as I understand from reading other posts this is because you aren't allowed to access the login page or j_security_check directly. You must access a secured resource and let the normal j2ee mechanics redirect you to the login page.
So knowing this, I have managed to get automatic login to work using the commons httpclient API. In fact, there are some JBoss testcases that do this already.
What I'm still struggling with is whether this can be done via JavaScript. We have a java client that launches the browser and accesses secured resources. With other app servers (WebLogic and WebSphere) we just POST directly to j_security_check, passing in the credentials via j_username/j_password via some HTML and JavaScript. This doesn't appear to work under JBoss so I was wanting anyone that has achieved this to outline their methods.
Thanks -
3. Re: Automatic Login to web app
starksm64 Oct 28, 2005 11:41 AM (in response to cmiles123)Form auth cannot be triggered by an arbitrary post. It has to be done in response to the container challenging a request to a secured resource in the context of a newly created session.
-
4. Re: Automatic Login to web app
brian.stansberry Oct 28, 2005 4:37 PM (in response to cmiles123)Yes, this can be done in Javascript; we did it at my former employer. I can't remember the exact details (I'm not an AJAX developer), but I believe our login page had the javascript to get the XMLHttpRequest and post back to security check. If we got a 200 from the server we then did a javascript redirect to the original target page.
The key point was the session cookie that the browser already had was automatically presented back to the server along with any call we made using XMLHttpRequest -- we didn't have to do anything. -
5. Re: Automatic Login to web app
cmiles123 Nov 3, 2005 8:03 AM (in response to cmiles123)Just to wrap this topic up for the benefit of other people that may need to know this sort of thing. Here's how I solved my issues:
1) For authenticating via a Java client using commons httpclient you attempt to access a secured resource first and then post to the j_security_check servlet. You then follow the redirect that is returned at this point.
2) For authenticating via Javascript or in my case some JSP page you follow the same path as #1, whereby you attempt to access a secured resource before posting to j_security_check. bstansberry's comment about the AJAX stuff got me past the point that to complete the process you have to make sure the JSESSIONID cookie is retrieved and added to your current session (thank you for that)
Now works like a charm, thanks -
6. Re: Automatic Login to web app
siddiqut Nov 8, 2005 8:26 AM (in response to cmiles123)Hi cmiles123,
I have been trying to implment option (using Ajax) without success. Do you have some reference code I could look into.
Thank you -
7. Re: Automatic Login to web app
jam88yo Feb 23, 2011 7:19 AM (in response to siddiqut)Hi everyone,
I searched during long time for trick to break down this JBOSS J_Security_Check mechanism,
please is someone having some solution ?
Thanks.