At 05:56 PM 11/4/2003 +0100, you wrote:
I have a few questions about BASICAuthIFramePortlet, I wonder if anyone can help.
How come its in the src tree in b4 but i cant find it in the jar files ?
No idea. Haven't checked out the latest binaries.
If i redirect to a JSP page, how can one extract the username and password ??
If i modify the source to put them as arguments to the web page e.g. www.webpage.domain?username=xxx?password=xxx The username is null ( have not checked password yet )
Can anyone help me out here ?
First, when using BASIC Authentication, you don't pass the username and password as query parameters. You pass them like this....
<https://cool:[EMAIL PROTECTED]/>https://myusername:[EMAIL PROTECTED]/
Second, my original idea for creating this portlet was to just send it to servers that were protected using BASIC Authentication so, normally, you wouldn't need to extract the username and password. The receiving site would authenticate automatically.
However, if you are sending this to your own webapp and need to extract the information, you can get the username via req.getRemoteUser()
http://java.sun.com/products/servlet/2.3/javadoc/javax/servlet/http/HttpServletRequest.html#getRemoteUser()
I'm not entirely clear on how to extract the password, but that isn't usually necessary since the container performs the authentication. All you generally need to know is the name. However, IBM has an article that might be of interest to you which applies to their portal server (which is based on Jetspeed)...
http://www7b.boulder.ibm.com/wsdd/library/techarticles/0110_gilmore/gilmore.html
....actually, this might give you what you need... http://www.ajsoft.net/Products/WebUtils/xref/net/ajsoft/WebUtils/Security/WebAuthentication.html
Also, you might want to read this bug (enhancement) report describing the use of BasicAuthIFramePortlet...
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18632
Jake
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
