How to forward to j_security_check?
https://stackoverflow.com/questions/733856
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm using form based authentication (JBOSS/JAAS) but my form is sending the data to my Servlet so I can perform some checks before trying to login.
Now I need to forward to j_security_check but what I tried didn't work (404 error)...
How can I redirect/forward to the j_security_check (please note the application is running over https / sssl) ?
I can make it work with a redirect and the params go in the URL, but that is not safe (as the user/pass stays in the browser history, etc)...
Any ideas?
Solution
I see this is an old post, but I wanted to share an answer.
If the original request is POST, you can simply forward to j_security_check after you do some processing.
...
request.getParameterMap().put( "j_username", new String[]{ userId } );
request.getParameterMap().put( "j_password", new String[]{ password } );
try
{
request.getRequestDispatcher("/j_security_check").forward( request , response );
return null;
}
catch (ServletException e)
{
logger.error( e );
}
catch (IOException e)
{
logger.error( e );
}
OTHER TIPS
Tomcat only accepts requests to j_security_check if it initiated a login process before for that session. So first you need to try to access a security-constraint resource. Then Tomcat will redirect you to the login form. Only then are you allowed to access j_security_check.
I know this is a too old question but I had the same problem and the unique way that I found to solve it was using something like this:
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String user = req.getParameter("j_username");
String pass = req.getParameter("j_password");
resp.sendRedirect("/Project-web/j_security_check?j_username=" + user + "&j_password=" + pass);
}
Since I just had the same problem, and the others answers have not proven to work for me, I wanted to share my own solution:
1) Create a new JSP, say, loginForward.jsp, for forwarding purposes only:
<%@ page language="java" %>
<%
final String username = request.getParameter("j_username");
final String password = request.getParameter("j_password");
%>
<body onload="document.getElementById('creds').submit()">
<form name="creds" id='creds' method="POST" action="j_security_check">
<input type="hidden" name="j_username" value="<%= username %>">
<input type="hidden" name="j_password" value="<%= password %>">
</form>
</body>
2) In your servlet, forward to that JSP:
final String redirectURL = String.format("loginForward.jsp j_username=%s&j_password=%s", username, password);
RequestDispatcher requestDispatcher = request.getRequestDispatcher(redirectURL);
requestDispatcher.forward(request, response);
return;
