you can implement your own Authenticator. For Tomcat look at the implementation:
Redirection to CONTEXT_ROOT/j_security_check should work. I used the following within Struts:
response.sendRedirect(contextPath + "/j_security_check?j_username=" + loginForm.getUsername() + "&j_password=" +loginForm.getPassword());
I am really having problems with j_security_check and STRUTS!
Where do I put the redirect statment you mentioned earlier, should it go to the LoginAction class before the return mapping.findForward(IConstants.SUCCESS_KEY);
how do I finally get to my "main" page after the j_security? Do I go the usual route via the struts-config.xml, i.e. define an action and go on frm there?
I hope I am not being a pain but I have a due date coming up and my a.. is on fire!!!!
After authenticating with JAAS (posting to j_security_check) Tomcat redirects you to the page you intended to go in the first place. You can't control which page to go after you authenticate, If you try to go to /home.jsp and you have not authenticated yet, you get a login prompt. If you provide the correct user/password, you are redirected to /home.jsp, the one you intended to go to.
response.sendRedirect("CONTEXT_ROOT/j_security_check") will not work on jboss-4.0.0 with tomcat-5.0.28 but jboss-3.2.6 with tomcat-5.0.28 work well.
I can see 'GenericPrincipal[admin(admin,user)] in both versions.
When I call IsUserInRole("admin"), it returns true on 3.2.6 but false on 4.0.0.
Are there deferences between two versions?