Bypassing the login screen on web applications hosted on Tomcat or JBoss

 

The attached code lets you provide links to your password-protected web application screens that do not require going through the login page, as long as the correct credentials are provided in the URL. The implementation is based on Tomcat valves.

Tomcat valves are similar to servlet filters in that they can be used to pre-process request objects. However, unlike filters, which are server-independent, valves are proprietary to Tomcat. Also, valves are only inserted in the request-processing pipeline and therefore cannot be used to modify response objects.
A valve is required here because the login process is executed before any of the filters.

The following valve allows external applications that launch the web GUI to skip the login page, as long as they provide the correct credentials in the URL as parameters named j_username and j_password.
To make it work, compile the enclosed AuthenticatorValve.java file, pack it into a jar, and place the jar under:

For JBoss
jboss/server/default/deploy/jbossweb-tomcat50.sar/
For Tomcat
$CATALINA_HOME/server/lib/

The file context.xml should be placed under your WAR's WEB-INF directory.
For more information see the Tomcat documentation.
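
Because the valve reads j_username and j_password from the URL, the request line that an access log records contains them as well. The following is an added example, not part of the original post or the enclosed code: it finds such requests in access-log lines and redacts the password value. The log layout (common log format) and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Quoted request line as written in common log format: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (target, found, user); the j_password value is replaced when present."""
    parts = urlsplit(target)
    found, user, out = False, None, []
    # parse_qsl percent-decodes names, so j%5Fpassword is recognised too
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "j_password":
            found, value = True, "REDACTED"
        elif name.lower() == "j_username":
            user = value
        out.append((name, value))
    if not found:
        return target, False, None
    return urlunsplit(parts._replace(query=urlencode(out))), True, user

def scan(lines):
    """Return [(line_number, user, redacted_line)] for lines carrying j_password."""
    findings = []
    for number, line in enumerate(lines, 1):
        hit = {}
        def fix(match):
            target, found, user = redact_target(match.group("target"))
            if found:
                hit["user"] = user
            return '"%s %s %s"' % (match.group("method"), target, match.group("proto"))
        clean = REQUEST_RE.sub(fix, line)
        if hit:
            findings.append((number, hit["user"], clean))
    return findings

# Constructed sample lines (documentation addresses, made-up paths and values)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /app/report.jsp?j_username=alice&j_password=s3cret HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /app/report.jsp?id=7&j%5Fpassword=hunter2&j_username=bob HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, user, clean in scan(SAMPLE_LOG):
        print("line %d user=%s -> %s" % (number, user, clean))
```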

 

P.S. - I would like to give credit for this solution to Zvika, who provided the code when I needed to solve this issue.
