6 Replies Latest reply: Apr 19, 2005 9:17 AM by Ricardo Arguello RSS

j_security_check

milkygto Newbie

Hey,

Where can we find out more information about j_security_check servlet?
Is there any way to wrap this so when it won't expose to the users when I am doing jaas login in jsp?

I know that response.sendRedirect("/j_security_check") will not work, what is the alternative solution?

Thanks,

Michael

  • 1. Re: j_security_check
    Rene Felder Newbie

    Hello,

    you can implement your own Authenticator. For Tomcat look at the implementation:

    org.apache.catalina.authenticator.FormAuthenticator

    Redirection to CONTEXT_ROOT/j_security_check should work. I used the following within Struts:

    response.sendRedirect(contextPath + "/j_security_check?j_username=" + loginForm.getUsername() + "&j_password=" +loginForm.getPassword());

    Rene

  • 3. Re: j_security_check
    Nikolaos Abatzis Newbie

    I am really having problems with j_security_check and STRUTS!

    Rene,

    Where do I put the redirect statment you mentioned earlier, should it go to the LoginAction class before the return mapping.findForward(IConstants.SUCCESS_KEY);

    and,

    how do I finally get to my "main" page after the j_security? Do I go the usual route via the struts-config.xml, i.e. define an action and go on frm there?

    I hope I am not being a pain but I have a due date coming up and my a.. is on fire!!!!

  • 4. Re: j_security_check
    Ricardo Arguello Newbie

    After authenticating with JAAS (posting to j_security_check) Tomcat redirects you to the page you intended to go in the first place. You can't control which page to go after you authenticate, If you try to go to /home.jsp and you have not authenticated yet, you get a login prompt. If you provide the correct user/password, you are redirected to /home.jsp, the one you intended to go to.

    Ricardo Arguello

  • 5. Re: j_security_check
    jaejong kim Newbie

    response.sendRedirect("CONTEXT_ROOT/j_security_check") will not work on jboss-4.0.0 with tomcat-5.0.28 but jboss-3.2.6 with tomcat-5.0.28 work well.
    I can see 'GenericPrincipal[admin(admin,user)] in both versions.

    When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
    Are there deferences between two versions?

  • 6. Re: j_security_check
    Ricardo Arguello Newbie

     

    "jaejong" wrote:
    When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
    Are there deferences between two versions?


    That's a known 4.0.0 bug, please try 4.0.1 or 4.0.1SP1, the latest release.

    Ricardo Arguello