j_security_check is just a 'special' URI that is handled inside the container. If an unauthenticated or unauthorized request arrives for a protected resource, the container will return the page specified in web.xml for login-form. That page must post j_username and j_password to the "j_security_check" URI. The container processes j_security_check internally and authenticates and authorizes the user against the JAAS realm (DataSource, JDBC, JNDI, etc) as configured for the app. If authenticated and authorized, the Principal is placed on the request or session (I forget which).

Seems like you might do a similar thing, but with a servlet/struts action/etc to do what the authenticator does in Tomcat.

You should look at the tomcat source to get more detail on this. It's all there. Also, consider posting to the Tomcat list if you haven't already.

Mike

> -----Original Message-----
> From: Ben Hill [mailto:ben.hill@SYNTEGRA.COM]
> Sent: Tuesday, May 18, 2004 7:56 AM
> To: J2EE-INTEREST@JAVA.SUN.COM
> Subject: Re: JAAS Authentication using Servlet Filter.
>
>
> [guy]  like i said, you can use the JaasRealm and it would
> work just fine but
> not through the servlet filter.
>
> How, why, would you like to elaborate?
>
> Mail me directly if you don't wish to post a lot to the list
> - I'll compile
> and post the solution...
>
> > [guy]  please read the Jaas tutorial and other resources.
>
> Not really helpful I'm afraid. I've read the tutorial, implemented
> stand-alone JAAS stuff, but I'd like to know how the
> j_security_check works
> so that I can try to implement something similar. I'm aware
> how JAAS works,
> but I need to implement custom security in a particular server. I've
> implemented providers in WLS, but not done anything like this
> with Tomcat.
> *This* is what I am asking about.
>
> Cheers,
>
> Ben
>
>
> ********************************************************************
>
> This email may contain information which is privileged or
> confidential. If you are not the intended recipient of this
> email, please notify the sender immediately and delete it
> without reading, copying, storing, forwarding or disclosing
> its contents to any other person
> Thank you
>
> Check us out at http://www.btsyntegra.com
>
> ********************************************************************
>
> ==============================================================
> =============
> To unsubscribe, send email to listserv@java.sun.com and
> include in the body
> of the message "signoff J2EE-INTEREST".  For general help,
> send email to
> listserv@java.sun.com and include in the body of the message "help".
>

=========================================================================== To unsubscribe, send email to listserv@java.sun.com and include in the body of the message "signoff J2EE-INTEREST". For general help, send email to listserv@java.sun.com and include in the body of the message "help".