Abe, Thanks for that. Other than this apparent lack of flexibility, are there problems with the j_security_check method? I presume/hope that it is secure etc (when used through https). Upon reading the servlet spec PDF I note that the j_security_check method is defined at this level and as such should work in all containers. Is this the case? I hope I'm right in assuming that custom authentication should work in all containers as well.
I will look into custom auth, but not just yet. My attitude towards this current project is to get each section working before considering implementing it at a release level. ;) Cheers for your help, Joel. ""Abraham Fathman"" <[EMAIL PROTECTED]> wrote in message news:<013d01c1f3ec$a2bfba30$8a56e20a@pcg>... | Joel, | | I wouldn't use the Security in the spec - ie don't use j_security_check | servlet... | | Write your own authentication mechanism that will tie into this third | party. You can write a filter (as of servlet spec 2.3) that will | restrict access to certain url by first redirecting them to a logon | page. | | Does this make sense? I have written applications that do excatly what | you are talking about so if it doesn't, respond with what I need to | expand on. | | Hope I can help! | Abe | | -----Original Message----- | From: Joel Baker [mailto:[EMAIL PROTECTED]] | Sent: Saturday, May 04, 2002 11:55 PM | To: [EMAIL PROTECTED] | Subject: Customising the logic behind Container Authentication | (j_security_check) | | | Hi there, | | The webapp I'm currently developing uses the j_security_check method of | authentication. That is, when authentication is required (ie: when a | client tries to access a restricted resource) the client gets directed | to the file specified in the <form-login-page> tag in my web.xml file - | in this case this file is login.jsp. This JSP presents a form to the | client whose action is j_security_check, an internal Tomcat servlet | (though it is more general than Tomcat, being in the Servlet spec) that | processes this response. When the user is authenticated, based on her | username and password, by the j_security_check servlet she is returned | to the resource she first requested. | | However, I am needing to set further login tokens based on the username | and password given and am thus looking to somehow intercept the | j_security_check servlet - ideally without rewriting it. This is because | I am trying to create an authentication token for a third party web | application (and thus creating single sign on as the third party web app | doesn't use tomcat container authentication) at the same time as logging | into the main site. | | If anyone has any ideas I would be, of course, very grateful. | | Joel Baker. | | | -- | To unsubscribe: <mailto:[EMAIL PROTECTED]> | For additional commands: <mailto:[EMAIL PROTECTED]> | Troubles with the list: <mailto:[EMAIL PROTECTED]> | | -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
