-none- 2007-09-06 - By David Delbecq
Back
I somehow understand what you are trying to do. I suppose your idea is
to have user get an email with a serial number that allow them direct
access to a secured page. This serial would be associated internally by
your app with that user's credential.
AFAIK, the J2EE specs does not allow 'spontaneous login' from
webapplication and am not sure tomcat give provision for this. You could
probably revamp the SSO valve so that is can inject the basic
authentification header to tomcat.
Another possibility might be the use of
http://securityfilter.sourceforge.net/ which mimic a container security
mecanism (respect of web.xml rules, use of realms) but allows for more
flexibility than pure j2ee specs.
En l'instant pr??cis du 06/09/07 07:31, zhu quanxin s'exprimait en ces
termes:
> Hi, Dave
>
> I am looking for tomcat API for doing programmic login. I read the
> source code of org.apache.catalina.authenticator.SingleSignOn, and
> find that it contains a method called reauthenticate maybe helpful.
>
> protected boolean reauthenticate(String ssoId, Realm realm,
> Request request) {
>
> if (ssoId == null || realm == null)
> return false;
>
> boolean reauthenticated = false;
>
> SingleSignOnEntry entry = lookup(ssoId);
> if (entry != null && entry.getCanReauthenticate()) {
>
> String username = entry.getUsername();
> if (username != null) {
> Principal reauthPrincipal =
> realm.authenticate(username,
> entry.getPassword());
> if (reauthPrincipal != null) {
> reauthenticated = true;
> // Bind the authorization credentials to the request
> request.setAuthType(entry.getAuthType());
> request.setUserPrincipal(reauthPrincipal);
> }
> }
> }
>
> return reauthenticated;
> }
>
> but when I use those code in my application(for example a servlet), it
> could not work. I think I could not get the instance of realm in
> tomcat server.
>
>
> do you have a better idea about programmic login, and how to write it?
>
> Thanks a lot~
> zhu quanxin
>
>
>
> 2007/9/6, Dave <javaone9@(protected)>:
>
>> I think this feature is very basic. Everything should have a programmatic
way.
>>
>> zhu quanxin <zhuquanxin@(protected)> wrote: hi,David,
>>
>> My aim is that tomcat could authenticate users without promoting
>> any login form. I give out the userID and password in the servlet
>> code. when users navagate the servlet page, they would login to tomcat
>> as that userID identity.
>>
>>
>>
>> Thanks a lot!
>> Zhu quanxin
>>
>>
>>
>> 2007/9/6, David Delbecq :
>>
>>> Hi,
>>>
>>> Am not sure to understand what you want to do. You want to login user
>>> without requiring it, ever, to authenticate? That seems to me quite
>>> paradoxal. Maybe you should explain a bit more what you try to achieve...
>>>
>>> ?????? a ??crit :
>>>
>>>> Hi,
>>>>
>>>> I have already enabled the SSO function in server.xml. It could be
>>>> promoted the challenge once when I visit the first webapp and without
>>>> login to all the webapps in the host. But I do not want any login form
>>>> promoted to users. So my point is, how do I write code in a jsp or
>>>> servlet to auto login to the first webapp without the login-form
>>>> promoted to users.
>>>> For example, in websphere application server, the following code
>>>> could be auto login to the server, If we give the right username and
>>>> password pair.
>>>>
>>>> code begin
>>>> -- ---- ---- -----
>>>> LoginContext lc = null;
>>>>
>>>> try {
>>>> lc = new LoginContext("WSLogin",
>>>> new WSCallbackHandlerImpl("userName", "password"));
>>>> } catch (LoginException le) {
>>>> System.out.println("Cannot create LoginContext. " + le.getMessage());
>>>> // Insert the error processing code
>>>> } catch(SecurityException se) {
>>>> System.out.println("Cannot create LoginContext." + se.getMessage());
>>>> // Insert the error processing code
>>>> }
>>>>
>>>> try {
>>>> lc.login();
>>>> } catch (LoginException le) {
>>>> System.out.println("Fails to create Subject. " + le.getMessage());
>>>> // Insert the error processing code
>>>> -- ---- ---- ---
>>>> code end
>>>>
>>>> I do not know if tomcat provide some APIs like the above, and we
>>>> could use the API to programmic login to the tomcat server. and where
>>>> to find the instruction to use the API?
>>>>
>>>>
>>>> Many Thanks!
>>>> Zhu quanxin
>>>>
>>>>
>>>>
>>>> 2007/9/5, David Delbecq :
>>>>
>>>>
>>>>> http://tomcat.apache.org/tomcat-5 (See http://cat-5.ora-code.com).5-doc/config/host.html
>>>>>
>>>>> See section about single-sign. This share credential between webapps.
>>>>>
>>>>> Note: it's not a "programamtic". It just let all your application share
>>>>> a same authentification token. Once you authenticate using J2EE
>>>>> compliant method in application X, it's not necessary to login into
>>>>> other application Y on same host that is also using J2EE compliant
>>>>> authentification mecanism.
>>>>>
>>>>> En l'instant pr??cis du 05/09/07 16:51, ?????? s'exprimait en ces termes:
>>>>>
>>>>>
>>>>>> hi, everyone
>>>>>>
>>>>>> I meet a problem about programmic login. I setup a tomcat server,
>>>>>> and deploy two WAR files (applications) on it. One of the application
>>>>>> A is protected by server authentication, and the other application B
>>>>>> is not. I want to setup a scenario : when user navigates the
>>>>>> application B, he could programmic login to tomcat using username and
>>>>>> password that is coded in the application of B, and then he
>>>>>> navigates the application A in the same browser, he never needs to
>>>>>> response the challenge promoted by application A.
>>>>>>
>>>>>> I would very appreciate if someone could help me.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Zhu Quanxin
>>>>>>
>>>>>> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
>>>>>> To start a new topic, e-mail: users@(protected)
>>>>>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>>>>>> For additional commands, e-mail: users-help@(protected)
>>>>>>
>>>>>>
>>>>>>
>>>>> --
>>>>> http://www.noooxml.org/
>>>>>
>>>>>
>>>>> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
>>>>> To start a new topic, e-mail: users@(protected)
>>>>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>>>>> For additional commands, e-mail: users-help@(protected)
>>>>>
>>>>>
>>>>>
>>>>>
>>> -- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
>>> To start a new topic, e-mail: users@(protected)
>>> To unsubscribe, e-mail: users-unsubscribe@(protected)
>>> For additional commands, e-mail: users-help@(protected)
>>>
>>>
>>>
>> --
>> ??
>> ????
>>
>> ??????
>>
>>
>>
>> -- ---- ---- ---- ---- ---- -----
>> Be a better Globetrotter. Get better travel answers from someone who knows.
>> Yahoo! Answers - Check it out.
>>
>
>
>
--
http://www.noooxml.org/
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
