Neeraj,

On 3/6/14, 4:34 AM, Neeraj Sinha wrote:
> I have a jsp application and my tomcat version is 7.0.34.
> Authentication is done using *Form based authentication.*
>
> My requirement is as follows:
>
> When user's account gets locked, he has to send an unlock request
> and he gets a link in his registered email id clicking on which
> takes him to unlocking page (let's say *unlock.jsp*) which has 3
> fields namely *username*, *password* and *unlock_code* and a submit
> button. After submission, once unlocked successfully the user
> should land to home page of the application.
>
> Just to let you know, the main login page of the application is
> *login.jsp* which is configured in *web.xml* and it is called
> whenever any protected resource is requested. It has username and
> password fields and its action is *j_security_check*.
>
> Now my problem is how to pass unlock_code, the 3rd parameter of
> *unlock.jsp* to *FormAuthenticator* using the action
> *j_security_check*?
>
> I have implementations of *authenticate* method in *LockOutRealm*
> where I would have liked to first check if unlock_code is not null
> and then if yes then would have called backend service to unlock
> the user first (which would have also checked the password matching
> part) and then would have made a call to instantiate
> *UserPrincipal*. I have the implementation of *getPrincipal* method
> in another custom realm.
>
> Is there any way to pass other parameters apart from username and
> password to
> *FormAuthenticator* (org.apache.catalina.authenticator.FormAuthenticator)?
>
> Quick help/Any reference related to this scenario would be
> appreciated.

This is not possible using Tomcat's built-in authenticators. This is
something that is possible using securityfilter (a separate,
open-source product you can find here:
http://securityfilter.sourceforge.net/). It's a bit out of date but it
works quite well.
You can handle drive-by logins (those without an initial request to a
protected page) and you can allow pass-through request parameters that
will be sent on to the "post-login" page as you are requesting.

-chris