Yes, this works, and is how I perform user authentication. It's not app
server portable though. :-(
Jeff
>-----Original Message-----
>From: Andre Vanha [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 22, 2001 8:52 AM
>To: Orion-Interest
>Subject: RE: Any way to "forward" to j_security_check?
>
>
>It might be possible to achieve this without forwarding. I
>haven't tried
>it, but using Orion's role manager might do the trick. First you can
>retrieve the role manager using RoleManager manager = (RoleManager)new
>InitialContext().lookup("java:comp/RoleManager"); The you can
>call login on
>the RoleManager with the appropriate username and password.
>This may do the
>trick. You can get more info about the user manager in the
>Orion API docs
>or at
>http://www.orionserver.com/docs/api/com/evermind/security/RoleM
>anager.html.
>
>Let me know if this works, I'm curious muslef.
>
>Andre
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 22, 2001 5:27 AM
>To: Orion-Interest
>Subject: Any way to "forward" to j_security_check?
>
>
>Does anyone know a way to "forward" to the j_security_check
>processing in
>Orion ? We use form-based login but have our own processing to
>do ahead of
>the
>standard j_security_check.
>
>On J2EE Reference Implementation (and e.g. Weblogic) we post
>the form to our
>own servlet instead of j_security_check, then forward from this to
>j_security_check. This doesn't seem to work on Orion i.e.
>j_security_check
>doesn't seem to be something one can get a request dispatcher for.
>
>Of course, the servlet spec doesn't mandate anything about how
>the server
>should implement the j_security_check mechanism, so
>potentially it doesn't
>have to have anything that can be referenced and invoked from
>application
>code. But it would be useful to be able to.
>
>I've also thought about programmatically simulating a post to
>j_security_check
>instead of trying to forward to it, but doesn't look simple
>and not sure
>this
>would work on Orion either. Might be helped by Servlet 2.3 but
>can't move to
>that yet.
>
>Am I just missing some trick to this, or is it not possible on
>Orion? Or is
>it
>related to a bug somewhere ? (n.b. even a normal post to
>j_security_check
>seems to fail, and to get sign-on to work I have to use
>Orion's non-standard
>feature of leaving the action unspecified).
>
>
>
>
>
>***********************************
> NIG
>The National Insurance &
>Guarantee Corporation PLC
>
>Reg. Office :
> Crown House
> 145 City Road
> London
> EC1V 1LP
>
>Registered in England & Wales No : 42133
>***********************************
>Legal disclaimer :
>This message is confidential and for use by the addressee only. If the
>message is received by anyone other than the addressee, please return
>the message to the sender by replying to it and then delete the message
>from your computer.
>
>NIG does not accept responsibility for changes made to this message
>after it was sent.
>
>
>
