I think there is a better way to do this....
If you have username/password information and want to login your users, use
a servlet...like "/login".
Then use the normal roleManager method to login your user programatically.
If the login fails, you can return nicely to the external url from the
/login servlet, if it is successful, you forward to the protect resource.
So your pseudo-j2ee login form would be on another server or application,
and the action would be:
<form action="http(s)://mydomain.com/login" method="post">
password/username stuff
<input type=internal name="returnUrl"
value="http://myotherdomain.com/failurepage"; >
</form>
Your /login servlet would login your user like this:
RoleManager roleManager;
try {
roleManager = (RoleManager)context.lookup("java:comp/RoleManager");
} catch (NamingException e) { }
if(roleManager != null){
roleManager.login(request.getParameter("username"),request.getParameter("pas
sword"));
// now you can get the principal to check if they are in role
Principal principal =
roleManager.getPrincipal(request.getParameter("username"));
if(isPrincipalInRole(principal,"my-role")){
// now forward somewhere in the application
getServletContext().getRequestDispatcher("/somesecretplace").forward
(request,response);
} else {
// go to your failure url
}
} else { //do something if we can't find a roleManager }
This will work.
Regards,
the elephantwalker
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Trujillo, Kris
Sent: Thursday, August 30, 2001 4:15 PM
To: Orion-Interest
Subject: j_security_check
Does anyone know if it is possible to post to "j_security_check" from an
external form. What I mean by external is a form that isn't the form
referenced in the web.xml as form to show the user when they're not logged
in. I am hoping be able to use a form on another server that will post to
the oc4j server for authentication and session establishment on the oc4j
server. Anybody attempted this??
