Re: A set of related queries on web tier security using form based login (j_security_check)
Wednesday, December 18, 2002 09:19 AM
to answer 1), in some app servers there is a way to programmatically log them in. We've done this successfully in Orion, but haven't found out a way to do it in Tomcat as of yet. Basically, the login manager, or user manager, or whatever it's called that does the authentication needs to be accessible through JNDI, then you can look it up and log them in, then forward them on to the protected page.
to answer 2), the filter method would work. Another method would be to write your own login manager, or user manager, or whatever your app server calls it, that does the initialization you are asking for. We did something similar to this in Orion, haven't tried it in Tomcat yet.