Stephen wrote:

> I am using WLS 6.1 and tried using a custom filter to intercept the authentication
> request submitted from a FORM BASE jsp (using the j_security_check form).
>
> However, no matter what i've tried, it is always the authentication part that
> gets executed before the filter.
>
> Any idea how could I intercept the request before the j_security_check servlet
> calls the security provider for authentication?

There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
I haven't used it because it is deprecated but I think it does what
you're after.

In my apps, I make the FORM auth submit to my own servlet which can then
do what j_security_check does (most although not all is accessible
through public APIs).

Robert

Hi Robert,

thanks very much for ur pointers on the AuthFilter class.. will try that out.


Robert Greig wrote:
>Stephen wrote:
>
>> I am using WLS 6.1 and tried using a custom filter to intercept the
>authentication
>> request submitted from a FORM BASE jsp (using the j_security_check
>form).
>>
>> However, no matter what i've tried, it is always the authentication
>part that
>> gets executed before the filter.
>>
>> Any idea how could I intercept the request before the j_security_check
>servlet
>> calls the security provider for authentication?
>
>There is a (now deprecated) class weblogic.servlet.security.AuthFilter.
>
>I haven't used it because it is deprecated but I think it does what
>you're after.
>
>In my apps, I make the FORM auth submit to my own servlet which can then
>
>do what j_security_check does (most although not all is accessible
>through public APIs).
>
>Robert