Hi John,

I came across your post on google for trying to programmatically use
the /j_security_check servlet for authentication. I am currently facing
a similar challenge using IBM Websphere 5.1

Did u ever get it work?

Could u kindly share your experience with me?

********* My current code snippet is as follows: ***********

URL jSecurityCheckURL = new
URL("http://localhost:9080/raweb/j_security_check");
HttpURLConnection jSecurityCheckURLConnection =
(HttpURLConnection)jSecurityCheckURL.openConnectio n();
jSecurityCheckURLConnection.setRequestMethod("POST");
jSecurityCheckURLConnection.setInstanceFollowRedir ects(false);
jSecurityCheckURLConnection.addRequestProperty("j_username",
j_username);
jSecurityCheckURLConnection.addRequestProperty("j_password",
j_password);
jSecurityCheckURLConnection.setRequestProperty("j_username",
j_username);
jSecurityCheckURLConnection.setRequestProperty("j_password",
j_password);
jSecurityCheckURLConnection.connect();
ApplicationParameter.getLogger().debug("j_security_check returned: "
+ jSecurityCheckURLConnection.getResponseCode() + ": " +
jSecurityCheckURLConnection.getResponseCode());

if (null != externalContext) {
String remoteUser = externalContext.getRemoteUser();
ApplicationParameter.getLogger().debug("Authenticated username: " +
remoteUser);
HttpServletRequest httpServletRequest =
(HttpServletRequest)externalContext.getRequest();
Principal principal = httpServletRequest.getUserPrincipal();
if (null != principal) {
String userName = principal.getName();
ApplicationParameter.getLogger().debug("Authenticated username: "
+ userName);
}
} else {
ApplicationParameter.getLogger().debug("Unable to obtain Faces
ExternalContext and hence the remote user details.");
}

******** And a snippet of response for the above code is as follows:
********

[DEBUG]: (Newlogin.submit:91) - j_security_check returned: 302: 302
[DEBUG]: (Newlogin.submit:95) - Authenticated username: null

Your help will be very much appreciated.

Thanks,
Sandeep Khanna


John H wrote:
> Hi:
>
> I have written a tool in Java which does an http get and prints out
> the returned data. One of the urls I need to hit has to be
> authenticated first through j_security_check. I have constructed a
> URL along the lines of:
>
> http://server:9999/j_security_check?..._password=pass
>
> From a browser, this request appears to work. From my tool, however,
> it fails. I think the actual request is being redirected and resent
> with a jsessionid. I think I need to append a semicolon followed by

a
> jsessionid name-value pair to the url above for my request to work.
> How can I capture a valid jsessionid such that I can append it to my
> request?
>
> Thanks,
> John