"sxy" wrote in message
news:406b31ba$1@newsgroups.bea.com...
>
> I uses form-based anthentication that works fine so far. I am using struts

with
> weblogic7 sp4. Now I am trying to put more fields data along with

j_username and
> j_password to pass to a filter processing. . However, first issue is the

filter
> never got fired.


This works as designed/spec. Servlet filters are not meant to be applied on
j_security_check.
Use AuthFilters if you really want to intercept j_security_check requests.

> Next one is the welcome page got called but the user's data has
> been losted when the request forward to here.


Note it is not a forward. It is a redirect. So obviously the params/headers
will be lost.

> How can I set the data on session scope?


Depends on what you are doing, but WebLogic supports custom fields for Form
based authentication. The default CallbackHandler listens for
TextInputCallback and returns those fields from the request parameters. So
you need to implement a custom authentication provider which triggers these
events. The default OOTB authentication provider does not. This method is
useful when you have additional criteria for logging in a user (besides
password) - eg. SSN/birthdate etc.

Ref: http://e-docs.bea.com/wls/docs81/faq/security.html

Q. I want to provide additional fields in my Web application for form-based
authentication. What application programming interfaces (APIs) should I use?

A. The CallbackHandler implementation in the WebLogic Authentication
provider supports only stringified versions of a username and password when
using form-based authentication.

If a Web application requires more authentication information, use the
javax.security.auth.TextInputCallback interface of the JAAS Callback
application programming interface (API) in the code for your LoginModule.
The implementation of the javax.security.auth.TextInputCallback interface
needs to use the name of the authentication field as the prompt to the
method constructor. For example:

Callback[] callbacks=new Callback[1];callbacks[1]=new
TextInputCallback("TextField");try{ callbackHandler.handle(callbacks)
textField1=((TextInputCallback)callbacks[2].getText} catch
(java.io.IOException ioe) { throw new LoginException(ioe.toString());}catch
(UnsupportedCallbackException uce) { throw new LoginException
("Error:"+uce.getCallback().toString() + "not available to garner
authentication information" + "from the user");}//"textField1 is not set
correctlyWhen the ServletCallbackHandler gets a TextInputCallback, the
callback looks for a field matching the prompt of the TextInputCallback. If
there is a match, the callback handler sets the value in the callback. If no
match is found, an UnsupportedCallback exception is raised.

> (I'd like to use a AuthFilter but not working) Please give me a hand if
> anyone knows this. Thanks


Why is not working? Can you provide more details?

-Vinod.