Is it possible to have URL based authentication with Form based authentication?

Question

login page

<form method='post' action='j_security_check'>
 <input type='text' name='j_username'>
 <input type='password' name='j_password'>
</form>

content from web.xml

<web-app>
 <security-constraint>
  <web-resource-collection>
   <web-resource-name>User Auth</web-resource-name>
   <url-pattern>/auth/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
   <role-name>admin</role-name>
   <role-name>manager</role-name>
  </auth-constraint>
 </security-constraint>
 <login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
   <form-login-page>login.jsp</form-login-page>
   <form-error-page>error.jsp</form-error-page>
  </form-login-config>
 </login-config>
</web-app>

Form based authentication works fine. But if I access the index.jsp directly from http://localhost:8080/index.jsp/j_security_check?j_username=admin&j_password=admin is not working.

Why its not working ?

Answer 1

Since you are expecting a login from a POST request, you can't (correct me if I am wrong) send this directly from the browser URL.

A solution would be to do an other page, a loginRedirect.jsp that would send a POST request automaticly.

This would be populate the <form> with the parameter passed in the URL and automaticly send an click event. Everything in Javascript.

This could be done in the login page off course. If there is some parameter in the URL, send the form automaticly.

Using this answer as source, you can easily read the parameter (and check if there is any) and set the values of the <input>. Then generate a click on the submit button.