views:

15

answers:

0

I have a J2EE webapp which uses standard FORM-based authentication, using a login.jsp page, which works okay, apart from a couple of glitches:

  • If username/password are incorrect, the login error page auto-redirects back to login.jsp, but unfortunately "j_security_check" then appears at the end of the URL - which I know is sub-optimal.

  • Intermittent 408 errors on log-in, which I guess is due to unwanted caching.

However, I now need to do 2 new things:

  1. Log a user in from a different style log-in form embedded in another page, not the log-in page, ideally by making an Ajax request.

  2. In some circumstances, auto-login the user as "guest", so that I can control user's access to resources based on the application's own internal security model.

In summary: is there a best-practice way of interacting with the J2EE j_security_check functionality via Ajax, to provide more flexibility in logging-in?

( I haven't supplied code or config snippets as I'm after a general approach rather than a fix to a specific problem )