6 Replies Latest reply: Apr 19, 2005 9:17 AM by Ricardo Arguello RSS

    j_security_check

    milkygto Newbie

      Hey,

      Where can we find out more information about j_security_check servlet?
      Is there any way to wrap this so when it won't expose to the users when I am doing jaas login in jsp?

      I know that response.sendRedirect("/j_security_check") will not work, what is the alternative solution?

      Thanks,

      Michael

        • 1. Re: j_security_check
          Rene Felder Newbie

          Hello,

          you can implement your own Authenticator. For Tomcat look at the implementation:

          org.apache.catalina.authenticator.FormAuthenticator

          Redirection to CONTEXT_ROOT/j_security_check should work. I used the following within Struts:

          response.sendRedirect(contextPath + "/j_security_check?j_username=" + loginForm.getUsername() + "&j_password=" +loginForm.getPassword());

          Rene

          • 3. Re: j_security_check
            Nikolaos Abatzis Newbie

            I am really having problems with j_security_check and STRUTS!

            Rene,

            Where do I put the redirect statment you mentioned earlier, should it go to the LoginAction class before the return mapping.findForward(IConstants.SUCCESS_KEY);

            and,

            how do I finally get to my "main" page after the j_security? Do I go the usual route via the struts-config.xml, i.e. define an action and go on frm there?

            I hope I am not being a pain but I have a due date coming up and my a.. is on fire!!!!

            • 4. Re: j_security_check
              Ricardo Arguello Newbie

              After authenticating with JAAS (posting to j_security_check) Tomcat redirects you to the page you intended to go in the first place. You can't control which page to go after you authenticate, If you try to go to /home.jsp and you have not authenticated yet, you get a login prompt. If you provide the correct user/password, you are redirected to /home.jsp, the one you intended to go to.

              Ricardo Arguello

              • 5. Re: j_security_check
                jaejong kim Newbie

                response.sendRedirect("CONTEXT_ROOT/j_security_check") will not work on jboss-4.0.0 with tomcat-5.0.28 but jboss-3.2.6 with tomcat-5.0.28 work well.
                I can see 'GenericPrincipal[admin(admin,user)] in both versions.

                When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
                Are there deferences between two versions?

                • 6. Re: j_security_check
                  Ricardo Arguello Newbie

                   

                  "jaejong" wrote:
                  When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
                  Are there deferences between two versions?


                  That's a known 4.0.0 bug, please try 4.0.1 or 4.0.1SP1, the latest release.

                  Ricardo Arguello