tags:

views:

1064

answers:

1

I'm using form based authentication (JBOSS/JAAS) but my form is sending the data to my Servlet so I can perform some checks before trying to login.

Now I need to forward to j_security_check but what I tried didn't work (404 error)...

How can I redirect/forward to the j_security_check (please note the application is running over https / sssl) ?

I can make it work with a redirect and the params go in the URL, but that is not safe (as the user/pass stays in the browser history, etc)...

Any ideas?

A: 

Tomcat only accepts requests to j_security_check if it initiated a login process before for that session. So first you need to try to access a security-constraint resource. Then Tomcat will redirect you to the login form. Only then are you allowed to access j_security_check.

Joachim Sauer
that is not my issue. It is redirecting to my login form. The form action goes to my servlet and now I want to redirect/forward to the j_security_check.redirecting works but it is a GET request which is not safe
AlfaTeK