We are using FORM based security with our application and everything is working great. We now have a requirement to automatically log a user in when they pass a URL with a user/password. There is custom code that will be used to decrypt the user/password string in the URL. The problem that I have is I cannot call the j_security_check directly as I get errors. There have been references to: response.sendRedirect(response.encodeRedirectURL("j_security_check?" +
J_USER_NAME + "=" + userName + "&" + J_PASSWORD + "=" + password));. We are using JBoss 3.2.3.
What is the procedure to log in a web user. I can programatically log someone in using
LoginContext lc = null;
UsernamePasswordHandler handler =
new UsernamePasswordHandler(userName, password.toCharArray());
lc = new LoginContext("client-login", handler);
But I don't know what JBoss sets up in the session for the user. When I look at all the attributes in the session I can find no attributes after a user has signed in.
Anyone please help.
Sounds to me you will have to write a custom Authenticator if you are using Tomcat. Have a look at the source for BasicAuthenticator or FormAuthenticator and this will give you an idea of how to do it...