-
1. Re: Logging in the user manually
How can you log in the user "manually" in Java-code, without doing the "protected page"->j_security_check trick?
-
2. Re: Logging in the user manually
It seems like there is no good solution of this problem - logic of form login is very container-specific. I made a code that emulates user's sequence of actions by using jakarta commons HttpClient:
public class UserLogin { public static int PORT = 8080; public static void formLogin(HttpServletRequest request, String target, String username, String password) throws IOException { HttpClient client = new HttpClient(); client.getState().setCookiePolicy(CookiePolicy.COMPATIBILITY); client.getHostConfiguration().setHost("localhost", PORT, "http"); // copy cookies from request to pass correct jsessionid for(int i = 0; i < request.getCookies().length; i++) { client.getState().addCookie(new Cookie("localhost", request.getCookies().getName(), request.getCookies().getValue(), "/", request.getCookies().getMaxAge(), request.getCookies().getSecure())); } GetMethod m1 = new GetMethod(request.getContextPath() + target); m1.setFollowRedirects(true); client.executeMethod(m1); PostMethod m = new PostMethod(request.getContextPath() + "/j_security_check"); NameValuePair userid = new NameValuePair("j_username", username); NameValuePair pwd = new NameValuePair("j_password", password); m.setRequestBody(new NameValuePair[] {userid, pwd}); client.executeMethod(m); m.releaseConnection(); } }