I'm about to implement a specific user authentication mechanism with FORM based authentication. So far, i have custom authentication provider for WLS 8.1 server and custom LoginModule to handle incoming POST data using TextInputCallback objects.

As far as I know, only way to get this incoming POST data to LoginModule is posting it through j_security_check action. However, my incoming POST data does not contain j_username or j_password fields, e.g:

<form action="j_security_check" method="POST">
<input type="hidden" name="A" value="1">
<input type="hidden" name="B" value="2">
</form>

And no j_username or j_password fields - this is specific to protocol I have to implement! The thing is that this POST data won't be accessible in my LoginModule because i get redirected to login-error-page immediately.

Is there any way to get this post data to be accessible in my LoginModule object - with or without using j_security_check?

Hi,

j_security_check servlet cannot be used if you dont use j_username/j_password fields.

Write a new servlet (eg MySecurityCheckServlet) and in doPost() method use this code fragment:

int res = weblogic.servlet.security.ServletAuthentication.weak(userName, passwd, request);
if (res == weblogic.servlet.security.ServletAuthentication.AUTHENTICATED) {
   // Autentication successfull
} else {
   // Autentication failed
}

Bye, Stefano

add some configuration in your applicationContext-security.xml as below: the java code is in this class AuthenticationProcessingFilter.java you can see the hard code j_username in the file