Customising the logic behind Container Authentication (j_security_check)

[Joel Baker <ne...@news.jb21.net>]

Hi there,

The webapp I'm currently developing uses the j_security_check method of
authentication.
That is, when authentication is required (ie: when a client tries to access
a restricted resource) the client gets directed to the file specified in the
<form-login-page> tag in my web.xml file - in this case this file is
login.jsp. This JSP presents a form to the client whose action is
j_security_check, an internal Tomcat servlet (though it is more general than
Tomcat, being in the Servlet spec) that processes this response.
When the user is authenticated, based on her username and password, by the
j_security_check servlet she is returned to the resource she first
requested.

However, I am needing to set further login tokens based on the username and
password given and am thus looking to somehow intercept the j_security_check
servlet - ideally without rewriting it.
This is because I am trying to create an authentication token for a third
party web application (and thus creating single sign on as the third party
web app doesn't use tomcat container authentication) at the same time as
logging into the main site.

If anyone has any ideas I would be, of course, very grateful.

Joel Baker.


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

RE: Customising the logic behind Container Authentication (j_security_check)

[Abraham Fathman <af...@one.net>]

Joel,

I wouldn't use the Security in the spec - ie don't use j_security_check
servlet...

Write your own authentication mechanism that will tie into this third
party. You can write a filter (as of servlet spec 2.3) that will
restrict access to certain url by first redirecting them to a logon
page.

Does this make sense? I have written applications that do excatly what
you are talking about so if it doesn't, respond with what I need to
expand on.

Hope I can help!
Abe

-----Original Message-----
From: Joel Baker [mailto:news@news.jb21.net] 
Sent: Saturday, May 04, 2002 11:55 PM
To: tomcat-user@jakarta.apache.org
Subject: Customising the logic behind Container Authentication
(j_security_check)


Hi there,

The webapp I'm currently developing uses the j_security_check method of
authentication. That is, when authentication is required (ie: when a
client tries to access a restricted resource) the client gets directed
to the file specified in the <form-login-page> tag in my web.xml file -
in this case this file is login.jsp. This JSP presents a form to the
client whose action is j_security_check, an internal Tomcat servlet
(though it is more general than Tomcat, being in the Servlet spec) that
processes this response. When the user is authenticated, based on her
username and password, by the j_security_check servlet she is returned
to the resource she first requested.

However, I am needing to set further login tokens based on the username
and password given and am thus looking to somehow intercept the
j_security_check servlet - ideally without rewriting it. This is because
I am trying to create an authentication token for a third party web
application (and thus creating single sign on as the third party web app
doesn't use tomcat container authentication) at the same time as logging
into the main site.

If anyone has any ideas I would be, of course, very grateful.

Joel Baker.


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>