j_security_check Login Function is not supported in WSAS V3.5.x


Hints and tips

Abstract
WebSphere Application Server V3.5.x is not compliant with Servlet 2.2 API when trying to access the standard J2EE login functionality, j_security_check
Content
The j_security_check is not supported in WAS 3.5.x.

The j_security_check is a J2EE extension that is used when doing Form logins instead of basic auth. The j_security_check is a special Post action specified in a html form for form login (see the example below). In 3.5.x releases of WAS.

The way to do form based login in 3.5.x is to use the Custom Login feature.

Example of J2EE from based login with servlet 2.2 which is supported in WAS 4.0 (when released) but not WAS 3.5.x.
<!DOCTYPE HTML PUBLIC "-//W3C/DTD HTML 4.0 Transitional//EN">
<html>
<META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
<title>Security FVT Login Page</title>
<body>...
<h2>SecFVTServlet1 Form Login</h2>
...
<FORM METHOD=POST ACTION="j_security_check">
<p>
...
<font size=""2"><strong>Please" Enter user ID and password:</strong></font>
<BR>
...
<strong> User ID</strong><input type="text" size=""20"" name="j_username">...
<strong> Password </strong><input type="password" size=""20"" name="j_password">
<BR>
...
<font size=""2"><strong>And" then click this button:</strong></font><input type="submit" name="login" value="Login">
</p>
</form>
</body>
</html>
Historical Number
PMR 00059
p33
649











Document Information

Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Security
Operating system(s): Multi-Platform
Software version: 3.5.x
Software edition: Advanced
Reference #: 1078741
IBM Group: Software Group
Modified date: 2002-11-18