1 Reply Latest reply on Oct 7, 2002 2:47 AM by Christoph Grimm

    FORM authentication WITHOUT j_security_check - doesn't work!

    Richard Berger Newbie

      (Forget all my other questions - it boils down to this one). I implemented FORM authentication and on my form, I do NOT use j_security_check (wanting a little more control over what happens). By capturing the information on the form, I am able to authenticate the users via JAAS and get their role information - however, even after the user is authenticated, the security defined in web.xml does NOT work (e.g. without using j_security_check, the web container does not appear to know what role the authenticated user is in).

      If, instead of using my own form, I use a j_security_check based form, then the web container knows what is going on.

      Am I hallucinating here or is JAAS authentication unknown to the web container (and all the security mechanisms in web.xml) if j_security_check is NOT used? Is this considered a bug - or a design feature.

      Thanks much in advance,