Daniel Lopez wrote (2007-10-29 18:19):
> I'd like to confirm that this strategy works (with a tiny detail I will
> explain) and I have now an application that is able to authenticate through
> the container in Resin and Tomcat.
>
> The only detail I had to modify is that wherever it reads:
>
> return super.getPasswordDigest(...
>
> it should read
>
> return super.getPasswordDigest().getPasswordDigest(...
>
> The reason being that the class that really performs the encrypting is
> not the authenticator itself but a utility class called PasswordDigest
> that can be accessed through getPasswordDigest().
Just for the record: The
com.caucho.server.security.AbstractAuthenticator has an overloaded
getPasswordDigest() that does just that:
public String getPasswordDigest(HttpServletRequest request,
HttpServletResponse response,
ServletContext app,
String user, String password)
throws ServletException
{
if (_passwordDigest != null)
return _passwordDigest.getPasswordDigest(request, response, app,
user, password);
else
return password;
}
So I still claim the code below is sufficient (at least for Resin 3.0).
Anyway, glad I could help.
/Mattias
>> ...
>>> ...
>>>
>>> public class MyJdbcAuthenticator extends JdbcAuthenticator {
>>> public MyJdbcAuthenticator() {
>>> super.setPasswordDigestRealm(null);
>>> }
>>>
>>> public String getPasswordDigest(HttpServletRequest request,
>>> HttpServletResponse response, ServletContext app, String user, String
>>> password) throws ServletException {
>>> return super.getPasswordDigest(request, response, app, null, password);
>>> }
>>>
>>> public String getPasswordDigest(String password) throws ServletException {
>>> return super.getPasswordDigest(null, null, null, null, password);
>>> }
>>> }
_______________________________________________
resin-interest mailing list
[email protected]
http://maillist.caucho.com/mailman/listinfo/resin-interest
