I've not tried this but I doubt it will work.
1. Since this is dubbed 'Container based authentication' in the J2EE spec,
and you're posting from outside the container, I would guess it won't work.
2. Since you are not authenticated when you are trying to post, the
container should attempt to do the atuhentication (e.g. after you post you
will be prompted for authentication).
3. The 'j_security_check' form name is essentially an internally recognized
keyword, not a true form.
4. If you could post from another server it would make me (and probably
alot of other security concious people) feel uncomfortable. If you could
post from outside the container it would be a no brainer to make a wrapper
and capture keystrokes when someone mistyped a URL (e.g. www.bakn.com
instead of www.bank.com) and the user would never notice. As it stands now,
its a bit more difficult to spoof this interaction.
-----Original Message-----
From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 30, 2001 4:15 PM
To: Orion-Interest
Subject: j_security_check
Does anyone know if it is possible to post to "j_security_check" from an
external form. What I mean by external is a form that isn't the form
referenced in the web.xml as form to show the user when they're not logged
in. I am hoping be able to use a form on another server that will post to
the oc4j server for authentication and session establishment on the oc4j
server. Anybody attempted this??
