Thanks, but that is not what I'm looking for.  The document describes
building an authentication source and using automatic authentication
(aka web.xml security constraints).

The problem is, j2ee automatic authentication is nearly useless.  It
doesn't allow for autologin cookies nor does it allow me to sign up
new users - they would have to then log in again.  It blows my mind
that a decade later the servlet spec hasn't addressed these simple

I need a way, in my web app, to programmatically say to the container
"authenticate as this user/pass".  Then these credentials will be used
for further calls into the EJB tier or for responding to
HttpServletRequest.isUserInRole() calls.  Of course at the SPI level
these will end up calling into my Resin Authenticator.

This is a pretty common problem, there must be a Resin way to do it.
In JBoss5, it looks like this:

SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
securityClient.setSimple("user", "password");


On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <> wrote:
>> #2 is still a mystery to me.  I'm in a servlet, how do I
>> programmatically tell the container to "log me in" with a username and
>> password?
> This page has a good overview of how to do it:
> So you set up your security constraints in your resin.xml and reference
> a custom authenticator inside the login-config.  The create your custom
> authenticator by AbstractAuthenticator.
> Note the code in the example is referencing:
> com.caucho.server.http.AbstractAuthenticator but I think you want to
> extend com.caucho.server.AbstractAuthenticator instead, as I think the
> .http. version is deprecated.
> - Aaron
> _______________________________________________
> resin-interest mailing list

resin-interest mailing list

Reply via email to