--- On Tue, 4/19/11, anyz <anyz...@gmail.com> wrote:
> From: anyz <anyz...@gmail.com>
> Subject: Re: Getting User Password from Subject
> To: "Jetspeed Users List" <jetspeed-user@portals.apache.org>
> Date: Tuesday, April 19, 2011, 10:08 AM
> Since i need to do it in servlet here
> how i tried:
>
> Engine engine = Jetspeed.getEngine();
> UserManager userManager =
> (UserManager)engine.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");
>
> Similalry i got AuthenticationProvider and then used its
> method
> Authenticate. Passed username and entered password to
> authenticate. This way
> if password is correct user is authenticated thus password
> re-validation
> successfull..
>
> Is it correct way to do? Though if i have decoded password
> in session it
> will more efficient to check instead of calling J2 services
> to authenticate.
Passwords are stored by one-way hash encryption to keep those well-protected
(read encrypted). It's not possible to have decoded values and not recommended
to do so.
Woonsan
>
> Thanks
>
>
> On Tue, Apr 19, 2011 at 11:37 AM, anyz <anyz...@gmail.com>
> wrote:
>
> > Thanks it worked. But it returns encoded password.
> Actually there is
> > scenario when i ask user for his passowrd before
> performing certain action.
> > I plan to store the current user password at logon
> time in session and later
> > when ever re-validation is required just match
> the entered password with
> > one in session.
> >
> > For this either i need to decode password found
> through PasswordCredential
> > or i have to encode palin password entered by user.
> >
> > Thanks
> >
> >
> > On Mon, Apr 18, 2011 at 8:36 PM, Woonsan Ko <woon_...@yahoo.com>
> wrote:
> >
> >> You can use the following instead:
> >>
> org.apache.jetspeed.security.UserManager#getPasswordCredential(User
> user);
> >>
> org.apache.jetspeed.security.UserManager#getUser(String
> userName);
> >>
> >> Woonsan
> >>
> >> --- On Mon, 4/18/11, anyz <anyz...@gmail.com>
> wrote:
> >>
> >> > From: anyz <anyz...@gmail.com>
> >> > Subject: Getting User Password from Subject
> >> > To: "Jetspeed Users List" <jetspeed-user@portals.apache.org>
> >> > Date: Monday, April 18, 2011, 9:18 AM
> >> > I need to get user password from
> >> > javax.security.auth.Subject and set in
> >> > session. I noted we can use
> >> >
> SecurityHelper.getPasswordCredential().getPassword() for
> >> > this. However its
> >> > not available in jetspeed-security-2.2.1
> version that i
> >> > think is appropriate
> >> > version to use with Jetspeed 2.2.1.
> >> >
> >> > Is SecurityHelper moved some where else or is
> there other
> >> > way to go. I could
> >> > not find out.
> >> >
> >> > Thanks
> >> >
> >>
> >>
> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
> >> For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
> >>
> >>
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscr...@portals.apache.org
For additional commands, e-mail: jetspeed-user-h...@portals.apache.org
