We accomplish this by grabbing an instance of HttpSession from the request
via request.getSession(), casting that to resin's SessionImpl, and calling
the login() method on that impl. Your controller can lift the username and
password out of the request and pass them in to the login method, which will
then rely on whatever FormLogin and Authenticator you have configured.
We use a custom Authenticator and lifted the persistent cookie code out of
the JdbcAuthenticator in order to provide authentication via a persistent
cookie without requiring the user re-enter their credentials. We also use a
custom FormLogin that can both provide standard form authentication and HTTP
basic authentication via one class. Our app consists of both a web client
and a mobile client that communicates to the server via Hessian, so we built
our authenticators and login impls to support the mix of authentication
methods we required.
Our user store is Berkeley DB JE/DPL, so we needed a custom authenticator
that could do what JdbcAuthenticator could, but with a different store.
Aaron Freeman-5 wrote:
>> I need a way, in my web app, to programmatically say to the container
>> "authenticate as this user/pass". Then these credentials will be used
>> for further calls into the EJB tier or for responding to
>> HttpServletRequest.isUserInRole() calls. Of course at the SPI level
>> these will end up calling into my Resin Authenticator.
> Ah, well I haven't used it before but there is a JdbcAuthenticator that
> has a "cookie-auth-query" and "cookie-auth-update" to let you
> automatically log someone in using a persistent cookie. It's still not
> what you are describing below, but may suffice to solve automatic logins
> if that's the end goal.
> Here is a link to some details on the JdbcAuthenticator:
> That link might be out of date though, depending on which version of
> Resin you are using.
> Sorry if this is still on the wrong track .. I'll let the gurus give you
> the answer.
> - Aaron
>> This is a pretty common problem, there must be a Resin way to do it.
>> In JBoss5, it looks like this:
>> SecurityClient securityClient =
>> securityClient.setSimple("user", "password");
>> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com>
>>>> #2 is still a mystery to me. I'm in a servlet, how do I
>>>> programmatically tell the container to "log me in" with a username and
>>> This page has a good overview of how to do it:
>>> So you set up your security constraints in your resin.xml and reference
>>> a custom authenticator inside the login-config. The create your custom
>>> authenticator by AbstractAuthenticator.
>>> Note the code in the example is referencing:
>>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>>> extend com.caucho.server.AbstractAuthenticator instead, as I think the
>>> .http. version is deprecated.
>>> - Aaron
>>> resin-interest mailing list
>> resin-interest mailing list
> resin-interest mailing list
View this message in context:
Sent from the Resin mailing list archive at Nabble.com.
resin-interest mailing list