[EMAIL PROTECTED] wrote: > I am having a problem posting credentials to j_security_check for > form-based authentication. > > It seems that tomcat expects that I already have a session established > before posting the username and password. If I don't already have a > JSESSIONID cookie, j_security_check returns a 408. Unfortunately, I > have another application attempting to talk to this one that requires > that the first thing it does is post credentials to the > j_security_check, so I have no mechanism of hitting another page first > to establish a session. > > This mechanism worked fine with BEA Weblogic, but it seems that tomcat's > handling of j_security_check is different. Does anyone know of any > options to modify the behavior of j_security_check so that it would just > do the authentication and establish the session in one shot at the time > of the POST request?
Sorry, no. That isn't the way the spec is written. However, http://securityfilter.sourceforge.net/ should do exactly what you want. Mark --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
