tags:

views:

1064

answers:

1
Q: 

How to forward to j_security_check?

I'm using form based authentication (JBOSS/JAAS) but my form is sending the data to my Servlet so I can perform some checks before trying to login.

Now I need to forward to j_security_check but what I tried didn't work (404 error)...

How can I redirect/forward to the j_security_check (please note the application is running over https / sssl) ?

I can make it work with a redirect and the params go in the URL, but that is not safe (as the user/pass stays in the browser history, etc)...

Any ideas?

A: 

Tomcat only accepts requests to j_security_check if it initiated a login process before for that session. So first you need to try to access a security-constraint resource. Then Tomcat will redirect you to the login form. Only then are you allowed to access j_security_check.

Joachim Sauer  2009-04-09 11:55:42
that is not my issue. It is redirecting to my login form. The form action goes to my servlet and now I want to redirect/forward to the j_security_check.redirecting works but it is a GET request which is not safe
AlfaTeK  2009-04-09 13:29:23

related questions

What are the advantages and disadvantages of DTOs from a website performance perspective?
ADF Business Components thru RMI Vs EJB and Toplink
Can't add server to a moved workspace
J2EE App Server Hello World
What are the advantages and disadvantages of the Session Façade Core J2EE Pattern?
Usable JSP/Servlet Hosting
Get Methods: One vs Many
What tools are there for timed batch processes in J2EE?
Beginning J2EE
Modify an xml files in a jar file with Java
What are the pros and cons of using RMI or JMS between web and business tiers?
Good pattern or framework for adding auditing to an existing app?
ResourceBundle from Java/Struts and replace expressions
Java Servlet 404 errors
track down file handle
Senior J2EE interview questions
How do I remotely get a checksum for a file on a Windows machine?
Can the Weblogic default handler display the list of contexts?
Are there any Open Source / Free Software alternatives to ATG?
Can you programmatically restart a j2ee application?
How do you build a multi-language web site?
JSF Lifecycle and Custom components
J2EE - DAO DVO
What's your "best practice" for the first Java EE Spring project?
Can someone give me a working example of a build.xml for an EAR that deploys in WebSphere 6