j_security_check should work with all containers. Custom authentication will work with all containers as long as you don't use any server specific code (casting an object to a tomcat object...).
Like I said, I am doing custom auth and am quite happy with it. Abe -----Original Message----- From: Joel Baker [mailto:[EMAIL PROTECTED]] Sent: Sunday, May 05, 2002 11:07 PM To: [EMAIL PROTECTED] Subject: Re: Customising the logic behind Container Authentication (j_security_check) Abe, Thanks for that. Other than this apparent lack of flexibility, are there problems with the j_security_check method? I presume/hope that it is secure etc (when used through https). Upon reading the servlet spec PDF I note that the j_security_check method is defined at this level and as such should work in all containers. Is this the case? I hope I'm right in assuming that custom authentication should work in all containers as well. I will look into custom auth, but not just yet. My attitude towards this current project is to get each section working before considering implementing it at a release level. ;) Cheers for your help, Joel. ""Abraham Fathman"" <[EMAIL PROTECTED]> wrote in message news:<013d01c1f3ec$a2bfba30$8a56e20a@pcg>... | Joel, | | I wouldn't use the Security in the spec - ie don't use | j_security_check servlet... | | Write your own authentication mechanism that will tie into this third | party. You can write a filter (as of servlet spec 2.3) that will | restrict access to certain url by first redirecting them to a logon | page. | | Does this make sense? I have written applications that do excatly what | you are talking about so if it doesn't, respond with what I need to | expand on. | | Hope I can help! | Abe | | -----Original Message----- | From: Joel Baker [mailto:[EMAIL PROTECTED]] | Sent: Saturday, May 04, 2002 11:55 PM | To: [EMAIL PROTECTED] | Subject: Customising the logic behind Container Authentication | (j_security_check) | | | Hi there, | | The webapp I'm currently developing uses the j_security_check method | of authentication. That is, when authentication is required (ie: when | a client tries to access a restricted resource) the client gets | directed to the file specified in the <form-login-page> tag in my | web.xml file - in this case this file is login.jsp. This JSP presents | a form to the client whose action is j_security_check, an internal | Tomcat servlet (though it is more general than Tomcat, being in the | Servlet spec) that processes this response. When the user is | authenticated, based on her username and password, by the | j_security_check servlet she is returned to the resource she first | requested. | | However, I am needing to set further login tokens based on the | username and password given and am thus looking to somehow intercept | the j_security_check servlet - ideally without rewriting it. This is | because I am trying to create an authentication token for a third | party web application (and thus creating single sign on as the third | party web app doesn't use tomcat container authentication) at the same | time as logging into the main site. | | If anyone has any ideas I would be, of course, very grateful. | | Joel Baker. | | | -- | To unsubscribe: <mailto:[EMAIL PROTECTED]> | For additional commands: <mailto:[EMAIL PROTECTED]> | Troubles with the list: <mailto:[EMAIL PROTECTED]> | | -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
