On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:
> The problem is, j2ee automatic authentication is nearly useless.
> It doesn't allow for autologin cookies nor does it allow me to sign up
> new users - they would have to then log in again. It blows my mind
> that a decade later the servlet spec hasn't addressed these simple
Yep. Almost as bizarre as not having multipart/mime (upload) support.
Resin 4.0 has refactored Resin's login/authentication (because our old
model really didn't make much sense.)
The new Login handles servlet/http interaction and the Authenticator
handles pure user/credentials (the old model mixed the two concepts
into the old ServletAuthenticator.) So, the capabilities you're
looking for would be added to a Login class. I don't know if you're
looking for customizing the Login, or if you want a more general
capability in our AbstractLogin.
Since the new configuration uses Java DI, your application can grab
the login. The configuration looks like:
And then you could use
@Current AbstractLogin _login;
@Current BasicLogin _login;
(At present, the Login interface itself wouldn't be useful from a
programmatic standpoint, while we could add methods to AbstractLogin.)
> I need a way, in my web app, to programmatically say to the container
> "authenticate as this user/pass". Then these credentials will be used
> for further calls into the EJB tier or for responding to
> HttpServletRequest.isUserInRole() calls. Of course at the SPI level
> these will end up calling into my Resin Authenticator.
> This is a pretty common problem, there must be a Resin way to do it.
> In JBoss5, it looks like this:
> SecurityClient securityClient =
> securityClient.setSimple("user", "password");
> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com
> > wrote:
>>> #2 is still a mystery to me. I'm in a servlet, how do I
>>> programmatically tell the container to "log me in" with a username
>> This page has a good overview of how to do it:
>> So you set up your security constraints in your resin.xml and
>> a custom authenticator inside the login-config. The create your
>> authenticator by AbstractAuthenticator.
>> Note the code in the example is referencing:
>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>> extend com.caucho.server.AbstractAuthenticator instead, as I think
>> .http. version is deprecated.
>> - Aaron
>> resin-interest mailing list
> resin-interest mailing list
resin-interest mailing list