If I want to make use of container managed security and SSO, does our login form have to POST to j_security_check?
The reason I ask is because we have a legacy webapp that has a ton of business logic built into the login but we'd need it to play nicely with the other applications on the server (SSO). Optimally, we'd like to keep the form as it is and POST the credentials to it's current authentication servlet and then somehow pass the credentials into the container and let it do it's thing.
I've tried using RequestDispatcher to forward to j_security_check after our authentication servlet is finished but the server gives a 404 upon trying to locate j_security_check. I've also tried wrapping a Filter around /j_security_check but the filter never gets called (security violation?).
I guess my ultimate question is how to get my business logic to run upon successful login if my only alternative is to POST my form to j_security_check.
Did you ever get an answer this this? I would like to be able to do some pre-processing or post-processing around the security check, but based on other forums, it doesn't seem possible (under jboss) to use a filter. So, I'd settle for the jsp submitting to a servlet that forwards to j_security_check, if I could get it to work...