In my web app, I am using form-based login. I have a scenario where I have to validate the users present in a different database in addition to the data of the table set in login-config.xml.
So,I was thinking of this flow:
User tries to access a secured resource -> if No active session,will be redirected to login form -> User enters his credentials -> j_security_check authenticates as per login-config.xml -> if authentication succeeds, well and good, else redirect to a jsp error page, where I check if the user is present in the other DB(Active directory to be specific.I already have the code to validate the credentials) and create a session on success -> else redirect to error page
Is the part highlighted above in bold possible at all??
I have read in some articles that once the authentication is given to j_security_check, there is no way to over rule it. Is it true???
Is there any other possible solution for this problem (apart from adding the users from other db to the table specified in the login-config.xml or modifying the login-config.xml)??
(I am using Jboss)
Thanks.