Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Other Security APIs, Tools, and Issues

Use j_security_check directly

Hi,

I have a web application that is using j_security_check. (I have a login page, and login module and everything works fine).

I have another application (Swing), that can invoke the web application.

Since the user was already authenticated & authorized when entering the swing application there's no need to launch the web application login page again.

I want that when the application is open as a stand alone application (opening a browser and typing the URL), the login page will be loaded (like today).

But when it is launched from the web application I want to skip the login page.

How can I call the j_security_check and pass it the username & password directly from the Swing application?

I tried openning a page that includes the following:

<html>

<head>

</head>

<body onLoad="document.loginForm.submit()">

<FORM NAME="loginForm" METHOD="POST" ACTION="j_security_check" >

<INPUT TYPE="Hidden" NAME="j_username" SIZE=17 CLASS=FORM VALUE="efratbar">

<INPUT TYPE="Hidden" NAME="j_password" SIZE=17 CLASS=FORM VALUE="maccabi">

</form>

</body>

</html>

but it didn't work...

Any idea how to do it?

Thanks,

Efrat

[1582 byte] By [efratba] at [2007-10-3 0:00:40]
«« JSP and HTTP return code
»» Telnet: how to get all lines of response?
# 1

--

I was trying to open a browser using the following URL:

"http://localhost:8080/EM/j_security_check?j_username=" + j_username + "&j_password=" + j_password

-

The parameters that I passed are corerct (I managed to decrypt the given password in the login module).

But I got

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

Why didn't it work?

Thanks,

Efrat

efratba at 2007-7-14 16:48:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 2
When you use FORM-BASED authentication on Web Application, Web Application become authenticated, however if you want use a Swing Application you must authenticate your Swing Application instead of Web Application.Get more info: Authenticate J2EE App Clients.
Rulasa at 2007-7-14 16:48:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 3

I understand that.

I'll try to explain better my situation:

I have 2 application, the first is web application (where I use j_security_check), and the second in a rich client application (where I use JAAS).

From the rich client application the user can invoke the web application: Pressing a button will open a browser with the web application's URL.

Today when I open a browser from the rich client application I pass the URL of the login page, and the user has to enter username & password (even though he already did it when he entered to the rich client application).

I want to avoid it and skip the login page, by passing the j_security_check the username & passwork that I already know.

I tried passing them in the URL, as described above, but it didn't work.

Any idea how to do it?

Thanks,

Efrat

efratba at 2007-7-14 16:48:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
Security
Other Security APIs, Tools, and Issues

Security New Topic

Security Hot Topic

Security

All Classified