On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:

> The problem is, j2ee automatic authentication is nearly useless.

Correct.

> It doesn't allow for autologin cookies nor does it allow me to sign up
> new users - they would have to then log in again. It blows my mind
> that a decade later the servlet spec hasn't addressed these simple
> needs.

Yep. Almost as bizarre as not having multipart/mime (upload) support.

Resin 4.0 has refactored Resin's login/authentication (because our old model really didn't make much sense.) The new Login handles servlet/http interaction and the Authenticator handles pure user/credentials (the old model mixed the two concepts into the old ServletAuthenticator.)

So, the capabilities you're looking for would be added to a Login class. I don't know if you're looking for customizing the Login, or if you want a more general capability in our AbstractLogin.

Since the new configuration uses Java DI, your application can grab the login. The configuration looks like:

    <sec:BasicLogin/>

And then you could use

    @Current AbstractLogin _login;

Or

    @Current BasicLogin _login;

(At present, the Login interface itself wouldn't be useful from a programmatic standpoint, while we could add methods to AbstractLogin.)

-- Scott

> I need a way, in my web app, to programmatically say to the container
> "authenticate as this user/pass". Then these credentials will be used
> for further calls into the EJB tier or for responding to
> HttpServletRequest.isUserInRole() calls. Of course at the SPI level
> these will end up calling into my Resin Authenticator.
>
> This is a pretty common problem, there must be a Resin way to do it.
> In JBoss5, it looks like this:
>
>     SecurityClient securityClient =
>         SecurityClientFactory.getSecurityClient();
>     securityClient.setSimple("user", "password");
>     securityClient.login();
>
> Thanks,
> Jeff
>
> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com> wrote:
>>
>>> #2 is still a mystery to me. I'm in a servlet, how do I
>>> programmatically tell the container to "log me in" with a username
>>> and password?
>>
>> This page has a good overview of how to do it:
>>
>> http://www.informit.com/articles/article.aspx?p=24253&seqNum=7
>>
>> So you set up your security constraints in your resin.xml and
>> reference a custom authenticator inside the login-config. Then create
>> your custom authenticator by AbstractAuthenticator.
>>
>> Note the code in the example is referencing:
>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>> extend com.caucho.server.AbstractAuthenticator instead, as I think
>> the .http. version is deprecated.
>>
>> - Aaron

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest