the real problem is that we can't do anything before or after authentication
using a filter solve this problem with url pattern j_securty_check
but this is avoided because this authentication method "must be" equal basic
authentication?
this makes real authentication scenarios where we need create user session
with application data an autentic hell, adventages with container-based
applications turn back 0 and we need implements a custom authenticator, what
i see: i real subproject because security concerns is very important
ok, this is code of application, but the tomcat architecture avoid us (the
application programmers use the api of authentication in order to use these
type of methods) because of these jar are in server/lib folder
how you can see I'm very frustrated with this,
ok this is J2EE?
this is simple?
kindest regards
2006/1/30, Luis Gervaso <[EMAIL PROTECTED]>:
>
> yes there is an entry in web.xml - security-constraint
>
> and the user is authenticated using doPost() method of LoginServlet
>
> regards
>
> 2006/1/30, deepak < [EMAIL PROTECTED]>:
> >
> > It seems that the request.getUserPrincipal() will return non-null value
> > only
> > when you request the protected resource secured by <security-constraint
> > > in
> > web.xml even if the user sent the request has been authenticated.
> >
> > ----- Original Message -----
> > From: "Luis Gervaso" < [EMAIL PROTECTED]>
> > To: "Struts Users Mailing List" <user@struts.apache.org>; "Tomcat Users
> > List" < users@tomcat.apache.org>
> > Sent: Saturday, January 28, 2006 2:18 AM
> > Subject: Authentication crisis
> >
> >
> > Hello
> >
> > I need how to put subject information returned of lc.login() in webapp
> > context
> > int order to invoke getUserPrincipal and not retur null
> >
> > LoginServlet.java
> >
> > protected void doPost(HttpServletRequest req, HttpServletResponse res)
> > throws ServletException, IOException {
> >
> > String username = req.getParameter("j_username");
> > String password = req.getParameter("j_password");
> > String host = req.getHeader("Host");
> > MyCallbackHandler cbh = new
> > MyCallbackHandler(username,password,host);
> > try {
> > LoginContext lc = new LoginContext("websecure",cbh);
> > lc.login();
> > Subject s = lc.getSubject();
> > log.info(s.getPrincipals().toString());
> > ses.setAttribute("authcs.subject",lc.getSubject());
> > //log.info(req.getUserPrincipal().getName());
> > RequestDispatcher rd = req.getRequestDispatcher ("test.jsp
> > ");
> > rd.forward(req,res);
> >
> > } catch (LoginException e) {
> > e.printStackTrace();
> > //log.warning(e.getMessage());
> > }
> > }
> >
> >
> > source: test.jsp
> > <%
> > out.println("User: " + request.getParameter("user") + "<br>");
> > out.println("Pass (clear): " + request.getParameter("pass") +
> > "<br>");
> > out.println("User Principal: " + request.getUserPrincipal() +
> > "<br>");
> > out.println("Remote User: " + request.getRemoteUser());
> > %>
> >
> > output : test.jsp
> > User: null
> > Pass (clear): null
> > User Principal: null
> > Remote User: null
> >
> > --
> > Un saludo
> >
> >
> > ------------------------------DISCLAIMER------------------------------
> > This message is for the named person's use only. It may contain
> > confidential, proprietary or legally privileged information. No
> > confidentiality or privilege is waived or lost by any mistransmission.
> >
> > If you receive this message in error, please immediately delete it and
> > all copies of it from your system, destroy any hard copies of it and
> > notify the sender. You must not, directly or indirectly, use, disclose,
> > distribute, print, or copy any part of this message if you are not the
> > intended recipient.
> >
> > Lisle Technology Partners Pvt. Ltd. and any of its subsidiaries each
> > reserve the right to monitor all e-mail communications through its
> > networks.
> >
> > Any views expressed in this message are those of the
> > individual sender, except where the message states otherwise and the
> > sender is authorized to state them to be the views of any such entity.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
> --
> Un saludo
--
Un saludo
