Chris, On 7 March 2014 21:43, Christopher Schultz <ch...@christopherschultz.net>wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Neeraj, > > On 3/6/14, 4:34 AM, Neeraj Sinha wrote: > > I have a jsp application and my tomcat version is 7.0.34. > > Authentication is done using *Form based authentication.* > > > > My requirement is as follows: > > > > When user's account gets locked, he has to send a unlock request > > and he gets a link in his registered email id clicking on which > > takes him to unlocking page(let's say *unlock.jsp*) which has 3 > > fields namely*username*, *password* and *unlock_code* and a submit > > button. After submission, once unlocked successfully the user > > should land to home page of the application. > > > > Just to let you know, the main login page of the application is > > *login.jsp* which is configured in *web.xml *and it is called > > whenever any protected resource is requested. It has username and > > password fields and it's action is *j_security_check*. > > > > Now my problem is how to pass unlock_code, the 3rd parameter of > > *unlock.jsp* to *FormAuthenticator *using the action > > *j_security_check*? > > > > I have implementations of *authenticate* method in *LockOutRealm* > > where I would have liked to first check if unlock_code is not null > > and then if yes then would have called backend service to unlock > > the user first(which would have also checked the password matching > > part) and then would have made a call to instantiate > > *UserPrincipal*. I have the implementation of *getPrincipal* method > > in another custom realm. > > > > Is there anyway to pass other parameters apart from username and > > password to > > *FormAuthenticator*(org.apache.catalina.authenticator.FormAuthenticator)? > > > > Quick help/Any reference related to this scenario would be > > appreciated. > > This is not possible using Tomcat's built-in authenticators. > > This is something that is possible using securityfilter (a separate, > open-source product you can find here: > http://securityfilter.sourceforge.net/) > > It's a bit out of date but it works quite well. You can handle > drive-by logins (those without an initial request to a protected page) > and you can allow pass-through request parameters that will be sent-on > to the "post-login" page as you are requesting. > > - -chris > Thanks. Actually I knew about the Securityfilter but probably it doesn't support single sign-on several web application contexts. I need to have single sign-on feature as well. - - Neeraj > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJTGfAnAAoJEBzwKT+lPKRYk54QAKEM5C7qdy8ClEabhE3JmUIY > B/7N6cABjoSXM41NutlxPKydlS09rTaYwKsDjb79m+K5RwH2r0Czd71DIZ6gyLxK > X1UTrpxttZaiD/X83mngT4aYj+Rna/3zpJDLSXkdG3Ey0Od8SL8WAQEFP81VRD9x > xHos3FHca/NzrzPvVx4Vm49OhItntAHjOxQce788r6HGDLvYMbbOH/s8M0nFel2v > zd5YckVk/pxuGnVPBoXCLKjHw1CyOVZPlSCmjzBOgQWvfaTZtSCkU3CrF1EY5kdj > i9wl/QEgWZYDSTxD8YFHe1ciZXsGGtNc2lo+6pvm7jJ9fpnTZ71oIj7PB0atpv0O > 79iTzHjnDx1TNM3TTrsCqGy9vFG7X3+F2hCwo9a/C8F1hdVgQvMdt/3ICMh4PWT7 > +r5ZcikBW+SgW3RWepaE2WLEmlXicWsuyTp5oMu3lcczjxw0terXItjH5vB26ahE > 04aw9VIOwxX1JMvvIKXDDirZZ4J6ngcZcvxBMEG5p1J1CVm0lnt/8DteNDolxhpk > PVSm3I8j/CsRRoQDqEJn7kAti1tgnC85Noh+XEVyjdkPsAau4xr5dZR4fPc00Qby > b3/B08nCHAKfywM67ZUiJS0F2AA+n7IW+Mufs1ClM1qUkjD8xtjadtbijeiD/1xa > yhv59uhy1sYcBs7PmYan > =XzKe > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
