Skip to main content

"j_security_check" does not work with URL rewriting

1 reply [Last post]
zebhed
Offline
Joined: 2007-11-03

I have an application with form based login, thus I am using "j_security_check".

When an unauthenticated user accesses an application resource that requires authentication, the user is forwarded (or redirected?! - does not matter in this case) to the login page specified in web.xml.

The source code of the servlet that generates the login form looks like this:

writer = response.getWriter();
writer.println(""); //TODO head einfügen
writer.println("");
writer.println("");
writer.println("");
writer.println("");
writer.println("");
writer.println("");

If the user accepts cookies, "j_security_check" will work as intended. It authenticates the user and redirects to the requested application resource.
Nothing unusual so far.

BUT when using URL rewriting, "j_security_check" does not work. The user is not authenticated. Instead, he is redirected to the welcome-file listed in web.xml.

I know, the servlet spec says:
"Form based login and URL based session tracking can be problematic to implement.
Form based login should be used only when sessions are being maintained by
cookies or by SSL session information."

Nevertheless, my question is:
Is there a way to use "j_security_check" with URL rewriting using glassfish?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
zebhed
Offline
Joined: 2007-11-03

*up*

Is there a way to use "j_security_check" with URL rewriting?

Or, if not: Will later versions of glassfish support "j_security_check" with URL rewriting?