[jboss-user] [Security & JAAS/JBoss] - Using container authentication (j_security_check) and having

7rond do-not-reply at jboss.com
Tue Feb 20 05:38:13 EST 2007


I've run into a bit of a problem here which I've tried to solve by myself but I can't seem to find the appropriate solution.

What I've set up so far is a web app configured with form authentication - that in turn uses my application policy in login-config.xml to provide JAAS authentication into the webapp. I need this to have some security in the ejb-beans the webapp will consume, and as of now this is working properly as long as I have some restricted content configured in web.xml that I can use to force Tomcat to show the configured login form.

Now, my problem is that this webapp is not supposed to demand the user to log in. Rather, logging in is optional and will only provide you with some extra features. I also need to have a login form present on each page, and this becomes troublesome as it isn't possible to make a custom form on a unrestricted page post to j_security_check it seems (that gives the error "HTTP Status 400 - Invalid direct reference to form login page").

So - basicly - I have the authentication stuff up and running, but I don't want any restricted resources in my webapp. I just want to be able to provide the user with the option to log in (without having to go to a new page to log in, but rather use a login form present on each page), and still be able to use the same authentication methods as I would have using j_security_check.

Is there any way to accomplish this? Any input would be appreciated!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4019278#4019278

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4019278

More information about the jboss-user mailing list