Is there anyway to see what is posted to j_security_check when doing a form based login? I.E. I want to see what username and password the user inputs... the username is easily seen in the log (and request.getRemoteUser()) but the pw.. Thanks!
- Posted by: Thomas Rolf
- Posted on: October 21 2008 03:34 EDT
In form-based encoding, the password is sent in cleartext by the browser. Its the server which does the encoding and authentication. (see: http://www.jboss.org/file-access/default/members/jbossweb/freezone/docs/2.1.0/realm-howto.html ) However, you can try writing a filter to fetch the j_password from the request. Remember to keep the filter pattern different from the protected url pattern. Please reply if you find a solution.