Discussion:
Authentication with JAAS / Form Autenthication/ "j_security_check"
Jose Antonio Chirinos
2003-11-27 17:41:03 UTC
Permalink
Hi, i have a web application that use web authentication through "j_security_check" servlet; i need to add an extra parameter diferent of "j_password" and "j_username"; i guess that i have to put the extra parameter in the login form and in the definition of the realm; but where i have to include the code for the comparation of the new parameter.Thanks in Advanced.Jose Antonio Chirinos.



---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
Adam Hardy
2003-11-27 22:08:06 UTC
Permalink
Post by Jose Antonio Chirinos
Hi, i have a web application that use web authentication through
"j_security_check" servlet; i need to add an extra parameter diferent
of "j_password" and "j_username"; i guess that i have to put the
extra parameter in the login form and in the definition of the realm;
but where i have to include the code for the comparation of the new
parameter.Thanks in Advanced.Jose Antonio Chirinos.
Jose,
tomcat (and all servlet spec compliant app servers) won't process any
further parameters other than the two you mention. When you code your
realm, you code a LoginModule or equivalent which is passed these 2
parameters.

This means the only option you have is to instruct the user to place the
extra parameter on the end of the username, perhaps after an appropriate
seperator character, so that you can then split your extra parameter
from the user name in your realm code.


HTH
Adam
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
Andoni
2003-11-28 10:23:44 UTC
Permalink
This post might be inappropriate. Click to display it.
Adam Hardy
2003-11-28 12:52:27 UTC
Permalink
Yes, but if they happen to have javascript disabled, they will get very
confused!
Post by Andoni
You don't have to instruct the user to do this. Just have login form as a
hidden form and fill (and submit) it using JavaScript. You can get the
values from a login form you call whatever you like and then append whatever
you like to the end of each of the username and password.
This does sound rather odd though and you should really be looking at the
bigger picture of your architecture to see why you have this problem in the
first place as it sounds like you are trying to hack a solution to me!!
Sorry if your not!
Andoni.
----- Original Message -----
Sent: Thursday, November 27, 2003 10:08 PM
Subject: Re: Authentication with JAAS / Form Autenthication/
"j_security_check"
Post by Adam Hardy
Post by Jose Antonio Chirinos
Hi, i have a web application that use web authentication through
"j_security_check" servlet; i need to add an extra parameter diferent
of "j_password" and "j_username"; i guess that i have to put the
extra parameter in the login form and in the definition of the realm;
but where i have to include the code for the comparation of the new
parameter.Thanks in Advanced.Jose Antonio Chirinos.
Jose,
tomcat (and all servlet spec compliant app servers) won't process any
further parameters other than the two you mention. When you code your
realm, you code a LoginModule or equivalent which is passed these 2
parameters.
This means the only option you have is to instruct the user to place the
extra parameter on the end of the username, perhaps after an appropriate
seperator character, so that you can then split your extra parameter
from the user name in your realm code.
HTH
Adam
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
---------------------------------------------------------------------
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
Jose Antonio Chirinos
2003-11-28 15:20:33 UTC
Permalink
Thanks for yours sugestions, the reason for which i need to do that is because i have to do an authentication module that are able to authenticate a user depending on a company. That is because a user can be in 2 or more companys and the data of the companys is diferent.
Thanks in Advanced.

Adam Hardy <***@cyberspaceroad.com> wrote:
Yes, but if they happen to have javascript disabled, they will get very
confused!
You don't have to instruct the user to do this. Just have login form as a
hidden form and fill (and submit) it using JavaScript. You can get the
values from a login form you call whatever you like and then append whatever
you like to the end of each of the username and password.
This does sound rather odd though and you should really be looking at the
bigger picture of your architecture to see why you have this problem in the
first place as it sounds like you are trying to hack a solution to me!!
Sorry if your not!
Andoni.
----- Original Message -----
From: "Adam Hardy"
To: "Tomcat Users List"
Sent: Thursday, November 27, 2003 10:08 PM
Subject: Re: Authentication with JAAS / Form Autenthication/
"j_security_check"
Post by Adam Hardy
Post by Jose Antonio Chirinos
Hi, i have a web application that use web authentication through
"j_security_check" servlet; i need to add an extra parameter diferent
of "j_password" and "j_username"; i guess that i have to put the
extra parameter in the login form and in the definition of the realm;
but where i have to include the code for the comparation of the new
parameter.Thanks in Advanced.Jose Antonio Chirinos.
Jose,
tomcat (and all servlet spec compliant app servers) won't process any
further parameters other than the two you mention. When you code your
realm, you code a LoginModule or equivalent which is passed these 2
parameters.
This means the only option you have is to instruct the user to place the
extra parameter on the end of the username, perhaps after an appropriate
seperator character, so that you can then split your extra parameter
from the user name in your realm code.
HTH
Adam
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
---------------------------------------------------------------------
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-***@jakarta.apache.org
For additional commands, e-mail: tomcat-user-***@jakarta.apache.org


---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
rfhall
2003-11-29 01:00:11 UTC
Permalink
Jose,

How about sending the user to an intermediate page after
logging in to select a company?

Robert
=====
Post by Jose Antonio Chirinos
Thanks for yours sugestions, the reason for which i need to do that is
because i have to do an authentication module that are able to authenticate a
user depending on a company. That is because a user can be in 2 or more
companys and the data of the companys is diferent.
Post by Jose Antonio Chirinos
Thanks in Advanced.
Yes, but if they happen to have javascript disabled, they will get very
confused!
You don't have to instruct the user to do this. Just have login form as a
hidden form and fill (and submit) it using JavaScript. You can get the
values from a login form you call whatever you like and then append
whatever
Post by Jose Antonio Chirinos
you like to the end of each of the username and password.
This does sound rather odd though and you should really be looking at the
bigger picture of your architecture to see why you have this problem in the
first place as it sounds like you are trying to hack a solution to me!!
Sorry if your not!
Andoni.
----- Original Message -----
From: "Adam Hardy"
To: "Tomcat Users List"
Sent: Thursday, November 27, 2003 10:08 PM
Subject: Re: Authentication with JAAS / Form Autenthication/
"j_security_check"
Post by Jose Antonio Chirinos
Hi, i have a web application that use web authentication through
"j_security_check" servlet; i need to add an extra parameter diferent
of "j_password" and "j_username"; i guess that i have to put the
extra parameter in the login form and in the definition of the realm;
but where i have to include the code for the comparation of the new
parameter.Thanks in Advanced.Jose Antonio Chirinos.
Jose,
tomcat (and all servlet spec compliant app servers) won't process any
further parameters other than the two you mention. When you code your
realm, you code a LoginModule or equivalent which is passed these 2
parameters.
This means the only option you have is to instruct the user to place the
extra parameter on the end of the username, perhaps after an appropriate
seperator character, so that you can then split your extra parameter
from the user name in your realm code.
HTH
Adam
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
---------------------------------------------------------------------
--
struts 1.1 + tomcat 5.0.14 + java 1.4.2
Linux 2.4.20 RH9
---------------------------------------------------------------------
---------------------------------
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
Loading...