Hi Martin,
That sounds like a good idea.
I'll give it a shot and post my results here.
thanks
--G
On Thu, Aug 08, 2002 at 04:32:21PM +0200, Martin Jacobson wrote:
> Guillermo Payet wrote:
>
> > Hi,
> >
> > I've asked this one before, but got no answers, so here goes an
> > "abridged" version.
> >
> > I'd like to "force" a FORM authentication by somehow calling
> > /login/j_security_check from a jsp page, or doing something
> > equivalent, so that the application can decide to "force" the
> > authentication of a session in some cases, whithout the user
> > having to go through the login form.
> >
> > We're using Tomcat 4.0.3
> >
> > I found this pointer to a purported solution to our problem:
> >
> >
>http:[EMAIL PROTECTED]%3E
> >
> > But it ain't working. I've tried all kinds of variations on this,
> > but I cannot figure out how to make it work. It seems that once a
> > request is matched against auth constraints, (which happens when the
> > registration page is first loaded) it will not be matched again.
> > This means that any redirection of the request to j_security_check
> > just returns a 404, since authenticate() is never called again and so
> > it fails to intercept the request and authenticate the session.
> >
> > Any ideas?? Any help is appreciated!
> >
>
>
> Caveat: I haven't tried the following, so I don't know whether it'll
> work...
>
> Use FORM authentication, but with a combined registration & login form.
> Place a filter in front of j_security_check that picks the registration
> data from the form, registers them, so that when the filter exits,
> j_security_check then discovers a valid account.
>
> Hope this helps,
>
> Martin
>
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
--
Guillermo Payet
O C E A N G R O U P
email: [EMAIL PROTECTED]
web: http://www.oceangroup.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
