Another approach is to use servlet container (tomcat or whatever) managed auth to authenticate your user and provide a SessionValidator to manage logging in the user to jetspeed/turbine. In this approach you disable the form based login actions altogether by removing them from the appropriate templates.
I think this is probably a better approach in many ways if you don't require the concept of a anonymous user. You can use Digest Auth or whatever for much better security than form based login where your userid and password travel in plain text unless you are using ssl, and the authentication part can be managed by a commonly managed and administrated site wide infrastructure.
Hope that helps some. :)
%regards -tk
At 09:58 AM 10/29/2003 +0200, Youssef Mohammed wrote:
The login action is a turbine action and u need not to define any portlet for login. All what you need to do is to write the client-side script that will get the userid ( throw your ActiveX or whateveer ) and then submit the this form
<form method="POST" > <input name="action" type="hidden" value="JLoginUser"> <input value="" name="username" > <input value="" name="password" > </form>
You can also make the username and password hidden
-----Original Message----- From: Thavutam, Prashanth [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 5:39 PM To: Jetspeed Users List Subject: User authentication
We are currently using an Active X control to get the user Id from Windows, which is used for authentication and for authorization also. No passwords are used. We want to implement the same with portal and found a variable topnav.user_login.enable in JetspeedResources.properties, I understood from the documentation, when it is set to false, logging will be done through login portlet, which I think I can implement it in my own way. I couldn't figure out if there is a portlet existing that I can use or if I need to write a new portlet, how do I configure it. Thanks for any help.
Prashanth
========================================================================
This email message is for the sole use of the intended recipient (s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. To reply to our email administrator directly, send an email to [EMAIL PROTECTED] Toys "R" Us, Inc.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
