Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / April 2004

Tip: Looking for answers? Try searching our database.

submitting to JSecurityCheck from a Servlet

Thread view: 
Enable EMail AlertsStart New Thread
mike - 06 Apr 2004 03:12 GMT
We are trying to automate login to a JBOSS J2EE application.

The security model is DatabaseLoginModule based.

We can log in manually through a JSP page, with a username and password that
submits to JSecurityCheck servlet.

We have written a Servlet to replace the JSP page that will redirect the
username and password to JSecurityCheck servlet to allow automated login.

This doesn't work.

If anyone has done this successfully can you please give us a pointer......

Thanks in advance

REMOVETHISmradeka@webft.com.au
Reply to this Message
Duncan Eley - 06 Apr 2004 12:23 GMT
Hi Mike,

I have some experience with the JBoss DatabaseLoginModule and J2EE Web
security and *may* be able to help in some way.

>We are trying to automate login to a JBOSS J2EE application.
>
>The security model is DatabaseLoginModule based.
>
>We can log in manually through a JSP page, with a username and password that
>submits to JSecurityCheck servlet.

Is JSecurityCheck a servlet you have authored or do you mean the
username and password submit to the j_security_check form action?

>We have written a Servlet to replace the JSP page that will redirect the
>username and password to JSecurityCheck servlet to allow automated login.

Again, if by JSecurityCheck you really mean j_security_check, then I
have done this before in a similar way to this:

String req =  request.getContextPath() + "/j_security_check"  +    
       "?j_username=" +  username + "&j_password=" + password;

response.sendRedirect(response.encodeRedirectURL(req));

You will then need to consider how the user will be redirected to the
URL they initially requested. Maybe the following will help:
http://tinyurl.com/xl80

>This doesn't work.
>
[quoted text clipped - 3 lines]
>
>REMOVETHISmradeka@webft.com.au

Regards,

Duncan Eley
duncan.eleyREM@VEbcs.org.uk
Reply to this Message
mike - 08 Apr 2004 05:49 GMT
Thanks for that.

We've already done what you suggested but the Servlet is a great help.

Regards,
Mike

> Hi Mike,
>
[quoted text clipped - 38 lines]
> Duncan Eley
> duncan.eleyREM@VEbcs.org.uk
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.