You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Guillermo Payet <gp...@oceangroup.com> on 2002/08/07 19:46:53 UTC
Forcing authentication
Hi,
I've asked this one before, but got no answers, so here goes an
"abridged" version.
I'd like to "force" a FORM authentication by somehow calling
/login/j_security_check from a jsp page, or doing something
equivalent, so that the application can decide to "force" the
authentication of a session in some cases, whithout the user
having to go through the login form.
We're using Tomcat 4.0.3
I found this pointer to a purported solution to our problem:
http://www.apachelabs.org/tomcat-user/200105.mbox/%3C9005C0C9C85BD31181B2006008+5DAC8B10C8EF@tuvi.andmevara.ee%3E
But it ain't working. I've tried all kinds of variations on this,
but I cannot figure out how to make it work. It seems that once a
request is matched against auth constraints, (which happens when the
registration page is first loaded) it will not be matched again.
This means that any redirection of the request to j_security_check
just returns a 404, since authenticate() is never called again and so
it fails to intercept the request and authenticate the session.
Any ideas?? Any help is appreciated!
thanks!
--Guillermo Payet
--
Guillermo Payet
O C E A N G R O U P
email: gpayet@oceangroup.com
web: http://www.oceangroup.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Forcing authentication
Posted by Guillermo Payet <gp...@oceangroup.com>.
Hi Martin,
That sounds like a good idea.
I'll give it a shot and post my results here.
thanks
--G
On Thu, Aug 08, 2002 at 04:32:21PM +0200, Martin Jacobson wrote:
> Guillermo Payet wrote:
>
> > Hi,
> >
> > I've asked this one before, but got no answers, so here goes an
> > "abridged" version.
> >
> > I'd like to "force" a FORM authentication by somehow calling
> > /login/j_security_check from a jsp page, or doing something
> > equivalent, so that the application can decide to "force" the
> > authentication of a session in some cases, whithout the user
> > having to go through the login form.
> >
> > We're using Tomcat 4.0.3
> >
> > I found this pointer to a purported solution to our problem:
> >
> > http://www.apachelabs.org/tomcat-user/200105.mbox/%3C9005C0C9C85BD31181B2006008+5DAC8B10C8EF@tuvi.andmevara.ee%3E
> >
> > But it ain't working. I've tried all kinds of variations on this,
> > but I cannot figure out how to make it work. It seems that once a
> > request is matched against auth constraints, (which happens when the
> > registration page is first loaded) it will not be matched again.
> > This means that any redirection of the request to j_security_check
> > just returns a 404, since authenticate() is never called again and so
> > it fails to intercept the request and authenticate the session.
> >
> > Any ideas?? Any help is appreciated!
> >
>
>
> Caveat: I haven't tried the following, so I don't know whether it'll
> work...
>
> Use FORM authentication, but with a combined registration & login form.
> Place a filter in front of j_security_check that picks the registration
> data from the form, registers them, so that when the filter exits,
> j_security_check then discovers a valid account.
>
> Hope this helps,
>
> Martin
>
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
--
Guillermo Payet
O C E A N G R O U P
email: gpayet@oceangroup.com
web: http://www.oceangroup.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Forcing authentication
Posted by Martin Jacobson <ma...@libero.it>.
Guillermo Payet wrote:
> Hi,
>
> I've asked this one before, but got no answers, so here goes an
> "abridged" version.
>
> I'd like to "force" a FORM authentication by somehow calling
> /login/j_security_check from a jsp page, or doing something
> equivalent, so that the application can decide to "force" the
> authentication of a session in some cases, whithout the user
> having to go through the login form.
>
> We're using Tomcat 4.0.3
>
> I found this pointer to a purported solution to our problem:
>
> http://www.apachelabs.org/tomcat-user/200105.mbox/%3C9005C0C9C85BD31181B2006008+5DAC8B10C8EF@tuvi.andmevara.ee%3E
>
> But it ain't working. I've tried all kinds of variations on this,
> but I cannot figure out how to make it work. It seems that once a
> request is matched against auth constraints, (which happens when the
> registration page is first loaded) it will not be matched again.
> This means that any redirection of the request to j_security_check
> just returns a 404, since authenticate() is never called again and so
> it fails to intercept the request and authenticate the session.
>
> Any ideas?? Any help is appreciated!
>
Caveat: I haven't tried the following, so I don't know whether it'll
work...
Use FORM authentication, but with a combined registration & login form.
Place a filter in front of j_security_check that picks the registration
data from the form, registers them, so that when the filter exits,
j_security_check then discovers a valid account.
Hope this helps,
Martin
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>