Is it possible to have URL based authentication with Form based authentication?

0
votes

login page

<form method='post' action='j_security_check'>
	<input type='text' name='j_username'>
	<input type='password' name='j_password'>
</form>

content from web.xml

<web-app>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>User Auth</web-resource-name>
			<url-pattern>/auth/*</url-pattern>
		</web-resource-collection>
		<auth-constraint>
			<role-name>admin</role-name>
			<role-name>manager</role-name>
		</auth-constraint>
	</security-constraint>
	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>login.jsp</form-login-page>
			<form-error-page>error.jsp</form-error-page>
		</form-login-config>
	</login-config>
</web-app>

Form based authentication works fine. But if I access the index.jsp directly from http://localhost:8080/index.jsp/j_security_check?j_username=admin&j_password=admin is not working.

Why its not working ?

1
javatomcat
method='post' but a browser send a GET request (well from what I know), If you really want to do that, you need to manage the GET request too. (but is it really necessary ? Use a redirect page if you really need that)AxelH
As you're using the method='post' in your form, the request is being handled as a post - however, when you're just passing the queryparameters directly as you've indicated - the request will be handled as a get (which is != post) and thus won't workvegaasen

1 Answers

0
votes

Since you are expecting a login from a POST request, you can't (correct me if I am wrong) send this directly from the browser URL.

A solution would be to do an other page, a loginRedirect.jsp that would send a POST request automaticly.

This would be populate the <form> with the parameter passed in the URL and automaticly send an click event. Everything in Javascript.

This could be done in the login page off course. If there is some parameter in the URL, send the form automaticly.

Using this answer as source, you can easily read the parameter (and check if there is any) and set the values of the <input>. Then generate a click on the submit button.