To be more specific, I am using the JDBC realm. I use Form authentication for all logins, and they all work. My problem is with the registration part. When I create a new user, I insert the Principal and Roles information into the database, and try to log in that new user directly, without going back to the login page.
I use LoginContext.login(), then forward to the secure page. That page can be displayed, but when I click any link to other secure pages with the same security constraint, it goes back to the login page. I am really confused about that. Can anyone give me a hint?
After creating your user, post to j_security_check with the username and password, just like your auth form does.
The class that handles form-based authentication in Tomcat is org.apache.catalina.authenticator.FormAuthenticator. It sets stuff in the session after a successful authentication that you probably can't get to yourself, which is why what you're trying isn't working.
Does this mean that in order to propagate the Principal from your LoginContext to the web container (Catalina) you need to ALWAYS use form login?
I can't see any other way to do it.
PS Manually requesting j_security_check is a large hack and not recommended by anyone ;)