Hi
I have successfully set up Tomcat to protect various parts of my
application using JDBCRealm and form-based authentication, and it all
works fine.
Now I have written a system whereby new users can register and it
creates them their chosen username and puts them in the right roles
On 03/04/2004 09:28 PM Edd Dawson wrote:
Now what I want to be able to do is have my servlet automatically log
them in as they register without the need for them to be redirected to
the login-form and re-enter their username and password.
I am presuming this is possible as I log my users out by
[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 6:16 PM
Subject: Re: handling form based authentication w/ remember-me cookie
Quoting [EMAIL PROTECTED]:
Are Servlet filters supposed to be called for both GET and POST
methods? They seem to be getting called for GETs only
On Jan 14, 2004, at 3:52 AM, Nadeem Bitar wrote:
A note about storing passwords in cookies.
Encode the password.
Do not store the userid with the password in the cookie, store some id
associated with the user id.
You can generate a one-way hash (MD5) of the contents of the cookie
with a secret
Dhaliwal
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 14, 2004 5:28 AM
To: Struts Users Mailing List
Subject: Re: handling form based authentication w/ remember-me cookie
On Jan 14, 2004, at 3:52 AM, Nadeem Bitar wrote:
A note about storing
To: Struts Users Mailing List
Subject: handling form based authentication w/ remember-me cookie
I am using Struts and building a logon page to do Form-based authentication
under Tomcat. I want to also have a checkbox for the user to check that says
remember me so that I can send them
On Jan 13, 2004, at 12:42 AM, Craig R. McClanahan wrote:
Filters are *not* required to be invoked on j_security_check invocations. In
fact, Tomcat won't even enable the j_security_check url unless an
unauthenticated user accesses a protected resource. Basically, I believe there
is no
based authentication w/ remember-me cookie
On Jan 13, 2004, at 12:42 AM, Craig R. McClanahan wrote:
Filters are *not* required to be invoked on j_security_check invocations. In
fact, Tomcat won't even enable the j_security_check url unless an
unauthenticated user accesses a protected
]
Subject: Re: handling form based authentication w/ remember-me cookie
Dipak,
Are you certain that the filter will be invoked on the /j_security_check
request when container-based security is used? I have not tested this, but
it would not surprise me to find that some containers do not execute filters
'
Subject: RE: handling form based authentication w/ remember-me cookie
Hi Max,
I haven't tested it either. I read about this in the IBM WebSphere V5.0
Security handbook (page 64).
Regards,
Dipak Parmar
-Original Message-
From: Max Cooper [mailto:[EMAIL PROTECTED]
Sent: Monday
-Original Message-
From: Parmar, Dipakkumar [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 03:57 PM
To: 'Struts Users Mailing List'
Subject: RE: handling form based authentication w/ remember-me cookie
Hi Max,
I haven't tested it either. I read about
filters on this, even if
it's just on a GET.
Craig McClanahan
-Original Message-
From: Parmar, Dipakkumar [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 03:57 PM
To: 'Struts Users Mailing List'
Subject: RE: handling form based authentication w/ remember
]
Sent: Tuesday, January 13, 2004 6:16 PM
Subject: Re: handling form based authentication w/ remember-me cookie
Quoting [EMAIL PROTECTED]:
Are Servlet filters supposed to be called for both GET and POST
methods? They seem to be getting called for GETs only on Tomcat 5.
-Chris
For filters
to be getting called for GETs only on Tomcat 5.
-Chris
-Original Message-
From: Parmar, Dipakkumar [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 03:57 PM
To: 'Struts Users Mailing List'
Subject: RE: handling form based authentication w/ remember-me cookie
Hi Max,
I haven't
I am using Struts and building a logon page to do Form-based authentication
under Tomcat. I want to also have a checkbox for the user to check that says
remember me so that I can send them a cookie. I'm not sure how to intercept
the form values because I have to post to j_security_check. How can
Mailing List
Subject: handling form based authentication w/ remember-me cookie
I am using Struts and building a logon page to do Form-based authentication
under Tomcat. I want to also have a checkbox for the user to check that says
remember me so that I can send them a cookie. I'm not sure how
form based authentication w/ remember-me cookie
I am using Struts and building a logon page to do Form-based authentication
under Tomcat. I want to also have a checkbox for the user to check that says
remember me so that I can send them a cookie. I'm not sure how to intercept
the form values
- Original Message -
From: Parmar, Dipakkumar [EMAIL PROTECTED]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 7:43 AM
Subject: RE: handling form based authentication w/ remember-me cookie
Hi Chris,
You can do this using Servlet Filter. What you need
]
To: Struts Users Mailing List [EMAIL PROTECTED]
Sent: Monday, January 12, 2004 7:43 AM
Subject: RE: handling form based authentication w/ remember-me cookie
Hi Chris,
You can do this using Servlet Filter. What you need to do is write
postLoginFilter that maps to the j_security_check url.
In doFilter
Hi,
Is there any relation to be made between Tomcat Form-Based Authentication
and Struts? The Tomcat admin webapp seems to be based on Struts and uses
Form-Based Authentication. But it looks like it is not using Struts to
handle the login form. On the other hand, the Struts-example webapp uses
On Wed, 30 Oct 2002, [utf-8] Etienne Labonté wrote:
Date: Wed, 30 Oct 2002 10:35:45 -0500
From: [utf-8] Etienne Labonté [EMAIL PROTECTED]
Reply-To: Struts Users Mailing List [EMAIL PROTECTED]
To: Struts Users Mailing List (E-mail) [EMAIL PROTECTED]
Subject: Form-Based Authentication
Hey All,
I am having a problem with Form based authentication in Tomcat (4.03).
The example app that uses it works fine, but when I go into my struts
app (1.1b) and I try to do form based authentication I get the following
message back:
--
Apache Tomcat/4.0.3 - HTTP
Subject: Re: Action classes/Form based authentication/ EJBs
From: Torgeir Veimo [EMAIL PROTECTED]
===
Roland Chan wrote:
Okay, I turned on my prompt before adding cookies in my browser and it
appears that during form-based authentication a cookie is never being
saved to my clients browser
Subject: Re: Action classes/Form based authentication/ EJBs
From: Torgeir Veimo [EMAIL PROTECTED]
===
Roland Chan wrote:
Hi There,
Using BASIC authentication my action classes work like a charm. However,
when I switched to form based authentication calls to secured EJBs
present
Pardon my ignorance please but what is basic authentication and
form-based authentication? You were talking about sessions and URL
rewriting and I thought I knew all about that. What is the auth header
from the browser? Is this container managed ?
Thanks
Adam
Struts Newsgroup
not
sending the session cookie back or while using url rewriting and not
properly wrapping an url sent back to the browser.
Remember that when using basic authentication, the auth header is sent
by the browser at every request, so it never loses the session. Using
form based authentication
Hello,
When using form based authentication, it appears that cookies are not
being written to the client. In my server.xml, noCookies=false, and the
client browsers have cookies enabled.
Can anyone shed any light here?
Thanks,
Roland
Hi There,
Using BASIC authentication my action classes work like a charm. However,
when I switched to form based authentication calls to secured EJBs
present an authentication exception, principal=null error.
This is strange only because I know the principal exists and was
authenticated. What
Hi,
What are the factors involved in selecting form-based authentication
over, say, custom authentication which can be simple to implement based
on a db of registered users who have or don't have an indicator stored
in their session(representing a login)?
An example of custom
What are the factors involved in selecting form-based
authentication over, say, custom authentication which
can be simple to implement based on a db of registered
users who have or don't have an indicator stored
in their session(representing a login)?
One factor to favor form based
Hi,
My webapp is implemented based on struts and deployed
to WebSphere.
I am using custom-user-registry to protect web resource. I have setup
everything. when start the Admin Console, it asked me for the user
name and password, I entered those parameters and it let passed that
point, so I
I have form-based authentication in my web.xml that requires HTTPS - has
<transport-guarantee>CONFIDENTIAL</transport-guarantee>. In my opinion,
one of the beautiful things about declarative security is that users can
have bookmarks and return to the same location, and be prompted.
My problem
I have <transport-guarantee>CONFIDENTIAL</transport-guarantee> in my
web.xml to require that SSL be used to log in. In an ideal world, Tomcat
would detect that the user is using http and switch them to https for
the authentication. And it looks like Tomcat is trying to do this with
IE.
When I navigate
December 2001 23:29
To: Struts Users Mailing List
Subject: HTTP form based authentication
HI all,
When we follow HTTP form based authentication, for the form field we write:
<form method=POST action=j_security_check>
( as per servlet specifications )
Using an action other than .do will break
2001 11:40
An: 'Struts Users Mailing List'
Betreff: RE: HTTP form based authentication
Hi Shri,
I have found the best (only?) approach is not to use a struts html:form tag
on your login screen as you are posting to the containers auth mechanism not
the struts action servlet,
Jon Ridgway
the user is logged
in. I'll look into this further. Anyone else have experience here?
Jon.
-Original Message-
From: storck [mailto:[EMAIL PROTECTED]]
Sent: 03 December 2001 10:57
To: 'Struts Users Mailing List'
Subject: AW: HTTP form based authentication
Is that normal that I have to access
the user is logged
in. I'll look into this further. Anyone else have experience here?
Jon.
-Original Message-
From: storck [mailto:[EMAIL PROTECTED]]
Sent: 03 December 2001 10:57
To: 'Struts Users Mailing List'
Subject: AW: HTTP form based authentication
Is that normal that I have
form based authentication
Hi Shri,
I have found the best (only?) approach is not to use a struts html:form tag
on your login screen as you are posting to the containers auth mechanism not
the struts action servlet,
Jon Ridgway
www.upco.co.uk
-Original Message-
From: Shri
HI all,
When we follow HTTP form based authentication, for the form field we write:
<form method=POST action=j_security_check>
( as per servlet specifications )
Using an action other than .do will break the action / action servlet
chain...
How to make this a part of action chain?
Any way
I figured out how to make Form-based Authentication use the form-error page
to login and thought I would share with everyone. The instructions are
iPlanet-specific, but can most likely be ported to another appserver,
providing you knew the name of the hidden field that holds the url
I am using struts with iAS sp3.
I am sending all urls through my action servlet with the following mapping:
<servlet-mapping>
<servlet-name>action</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
And I'm protecting this with the following security-constraint:
I am implementing form-based authentication and have a couple of questions.
I have all my JSP's setup so they can be accessed with no extension. I am also
using a DefaultAction class so these JSP's can be accessed via a .do extension.
Can you send me ideas on how you implemented form-based
Does your web.xml contain a login-config declaration?
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]]
Sent: 30 July 2001 12:53
To: [EMAIL PROTECTED]
Subject: Form-based Authentication using Struts
I am implementing form-based authentication and have a couple
--- Geddes, Mark (ANTS) [EMAIL PROTECTED] wrote:
Does your web.xml contain a login-config declaration?
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]]
Sent: 30 July 2001 12:53
To: [EMAIL PROTECTED]
Subject: Form-based Authentication using Struts
I am
tomcat does?
Jon.
-Original Message-
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: 13 June 2001 02:05
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Form-based Authentication
On Tue, 12 Jun 2001, Abraham Kang wrote:
Hi Craig,
Thanks for the clarification.
I
PROTECTED]
Sent: Wednesday, June 13, 2001 4:51 AM
Subject: RE: Form-based Authentication
Hi All,
Form based auth is something that I have just been looking at, so I thought
I'd add my two pennies worth.
My login form is using struts html, bean and template tags (no html:form)
and all
Hi Jonathan,
Snip from
http://java.sun.com/j2ee/blueprints/packaging_deployment/descriptors/index.html#1035772
'Form-based authentication is the preferred mechanism for authenticating
application users in the J2EE platformThe security-constraint element
specifies that the URL
On Wed, 13 Jun 2001, Jon.Ridgway wrote:
Hi All,
Form based auth is something that I have just been looking at, so I thought
I'd add my two pennies worth.
My login form is using struts html, bean and template tags (no html:form)
and all appears ok. My template has an adapted version of
Hi Jon,
I know that WebLogic gets rid of these after authentication.
--Abraham
-Original Message-
From: Jon.Ridgway [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 13, 2001 1:51 AM
To: [EMAIL PROTECTED]
Subject: RE: Form-based Authentication
Hi All,
Form based auth
Has anyone implemented form-based authentication and Struts as defined by
the J2EE Blueprints?
http://java.sun.com/j2ee/blueprints/packaging_deployment/descriptors/index.html#1035772
If so, any lessons learned from the appserver you deployed in?
Thanks,
Matt
yes I did this. It works perfectly on tomcat also on resin. JRUN seems to
have some problems with this.
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 3:14 PM
To: [EMAIL PROTECTED]
Subject: Form-based Authentication
Has anyone implemented
the user to their desired url
after post processing.
Hope This Helps,
Abraham
-Original Message-
From: Matt Raible [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 12, 2001 3:14 PM
To: [EMAIL PROTECTED]
Subject: Form-based Authentication
Has anyone implemented form-based authentication
Title: RE: Form-based Authentication
Hi Matt and Abraham,
I would like to know why you say that you need to specify a login-form that does not have j_security-check as its action?
I am using this as the action and using Struts action classes to do the login?
-Original Message
Title: RE: Form-based Authentication
Hi Jason,
I should have been clearer.
The only time that you do not want the login-form to
specify "j_security_check" as its action is when you want to do some special
preprocessing before the user is authenticated. By forwarding to a s
On Tue, 12 Jun 2001, Abraham Kang wrote:
RE: Form-based Authentication
Hi Jason,
I should have been clearer.
The only time that you do not want the login-form to specify
j_security_check as its action is when you want to do some special
preprocessing before the user is
Hi Craig,
Thanks for the clarification.
I was wondering if you knew of any other way to do pre-processing
before being authenticated and post-processing after authentication
when using the form based authentication.
Would filters work here?
Sincerely,
Abraham
-Original Message
On Tue, 12 Jun 2001, Abraham Kang wrote:
Hi Craig,
Thanks for the clarification.
I was wondering if you knew of any other way to do pre-processing
before being authenticated and post-processing after authentication
when using the form based authentication.
Would filters work here
: Form based authentication
Hi,
Has anyone used Form based authentication? How does action=j_security_check
work?
Thanks,
Nagalli
ameer
ameer
a login and
error page in the web.xml.
Jon.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 08:17
To: [EMAIL PROTECTED]
Subject: Form based authentication
Hi,
Has anyone used Form based authentication? How does action=j_security_check
work?
Thanks
62 matches