3 Replies Latest reply on Feb 20, 2002 3:24 AM by Mike Cannon-Brookes

    question about j_security_check

    Tony Sun Newbie

      When I use the Form (post to j_security_check) authentication under JBoss2.4/Tomcat4.01, it works fine. But when I try to authenticate and authorize using my own code with LoginContext.login(), it seems that authorization doesn't work. Can anybody tell me how JBoss/Tomcat implements j_security_check?
      Thanks in advance.

        • 1. Re: question about j_security_check
          Tony Sun Newbie

          To be more specific, I am using the JDBC realm. I use the Form authentication for all logins, and they all work. My problem is on the registration part. When I create a new user, I insert the Principal and Roles information into the database, and try to log in that new user directly, without going back to the login page.
          I use LoginContext.login(), then forward to the secure page. That page can be displayed, but when I click any link to other secure pages with the same security constraint, it goes back to the login page. I am really confused about that. Can anyone give me a hint?
          Thank you.

          • 2. Re: question about j_security_check
            Jonathan Leech Newbie

            After creating your user, post to j_security_check with the username and password, just like your auth form does.
            The class that handles the form based authentication in tomcat is org.apache.catalina.authenticator.FormAuthenticator. It sets stuff in the session after a successful authentication that you probably can't get to yourself, which is why what you're trying isn't working.

            • 3. Re: question about j_security_check
              Mike Cannon-Brookes Newbie

              Does this mean that in order to propagate the Principal from your LoginContext to the web container (Catalina) you need to ALWAYS use form login?

              I can't see any other way to do it.

              -mike

              PS Manually requesting j_security_check is a large hack and not recommended by anyone ;)
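
Added example, not part of the original thread and not code from JBoss or Tomcat: on a Servlet 3.0+ container (newer than the JBoss 2.4/Tomcat 4.0.1 discussed above), `HttpServletRequest.login()` authenticates against the web application's configured realm, so the container itself records the principal instead of a standalone `LoginContext`. `RegistrationServlet`, `UserStore`, the `/register` mapping, the `user` role and the page paths are hypothetical names chosen for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/register") // hypothetical mapping
public class RegistrationServlet extends HttpServlet {

    /** Hypothetical hook that inserts the principal and role rows the realm reads. */
    public interface UserStore {
        void createUser(String username, char[] password, String... roles) throws IOException;
    }

    private final UserStore userStore;

    public RegistrationServlet(UserStore userStore) { // assumed to be supplied by the application
        this.userStore = userStore;
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "username and password required");
            return;
        }
        if (req.getUserPrincipal() != null) {
            req.logout(); // login() throws if the request is already authenticated
        }
        userStore.createUser(username, password.toCharArray(), "user");

        // Create the session first so the container has one to bind the principal to.
        req.getSession(true);
        try {
            req.login(username, password); // container-managed login against the realm
        } catch (ServletException e) {
            // New row not visible to the realm yet, or credentials rejected.
            resp.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        req.changeSessionId(); // Servlet 3.1: fresh session id after authentication
        resp.sendRedirect(req.getContextPath() + "/secure/home.jsp");
    }
}
```

Because the container performed the login, later requests in the same session pass the `security-constraint` checks without a self-posted request to `j_security_check`.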