I have only spent a little while browsing through the Resin code, so
apologies in advance if I'm misunderstanding something.  I'd love to
see something like:

AbstractLogin.authenticate(HttpServletRequest request, Principal user,
String credential) throws LoginException

I just need any method that takes a user and password, checks it
against the normal authentication SPI, and (if successful) registers
the credentials to the container.

I don't think I would need to customize the Login class.  I wouldn't
be using any of the j2ee standard auth mechanisms, just programmatic
authentication, so I'm guessing I could have a BasicLogin and just
never use it.  As long as I can call the auth method from my normal
webapp I'll be fine.

BTW we are porting the opensource SubEthaMail over to Resin right now
(http://subetha.tigris.org/).  If we succeed, you might want to use it
for this mailing list!

Jeff

On Fri, Mar 20, 2009 at 10:15 AM, Scott Ferguson <f...@caucho.com> wrote:
>
> On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:
>
>> The problem is, j2ee automatic authentication is nearly useless.
>
> Correct.
>
>> It doesn't allow for autologin cookies nor does it allow me to sign up
>> new users - they would have to then log in again.  It blows my mind
>> that a decade later the servlet spec hasn't addressed these simple
>> needs.
>
> Yep.  Almost as bizarre as not having multipart/mime (upload) support.
>
> Resin 4.0 has refactored Resin's login/authentication (because our old
> model really didn't make much sense.)
>
> The new Login handles servlet/http interaction and the Authenticator
> handles pure user/credentials (the old model mixed the two concepts
> into the old ServletAuthenticator.)  So, the capabilities you're
> looking for would be added to a Login class.  I don't know if you're
> looking for customizing the Login, or if you want a more general
> capability in our AbstractLogin.
>
> Since the new configuration uses Java DI, your application can grab
> the login.  The configuration looks like:
>
>   <sec:BasicLogin/>
>
> And then you could use
>
>   @Current AbstractLogin _login;
>
> Or
>
>   @Current BasicLogin _login;
>
> (At present, the Login interface itself wouldn't be useful from a
> programmatic standpoint, while we could add methods to AbstractLogin.)
>
> -- Scott
>
>>
>>
>> I need a way, in my web app, to programmatically say to the container
>> "authenticate as this user/pass".  Then these credentials will be used
>> for further calls into the EJB tier or for responding to
>> HttpServletRequest.isUserInRole() calls.  Of course at the SPI level
>> these will end up calling into my Resin Authenticator.
>>
>> This is a pretty common problem, there must be a Resin way to do it.
>> In JBoss5, it looks like this:
>>
>> SecurityClient securityClient =
>> SecurityClientFactory.getSecurityClient();
>> securityClient.setSimple("user", "password");
>> securityClient.login();
>>
>> Thanks,
>> Jeff
>>
>> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com
>> > wrote:
>>>
>>>> #2 is still a mystery to me.  I'm in a servlet, how do I
>>>> programmatically tell the container to "log me in" with a username
>>>> and
>>>> password?
>>>>
>>> This page has a good overview of how to do it:
>>>
>>> http://www.informit.com/articles/article.aspx?p=24253&seqNum=7
>>>
>>> So you set up your security constraints in your resin.xml and
>>> reference
>>> a custom authenticator inside the login-config.  The create your
>>> custom
>>> authenticator by AbstractAuthenticator.
>>>
>>> Note the code in the example is referencing:
>>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>>> extend com.caucho.server.AbstractAuthenticator instead, as I think
>>> the
>>> .http. version is deprecated.
>>>
>>> - Aaron
>>>
>>>
>>> _______________________________________________
>>> resin-interest mailing list
>>> resin-interest@caucho.com
>>> http://maillist.caucho.com/mailman/listinfo/resin-interest
>>>
>>
>>
>> _______________________________________________
>> resin-interest mailing list
>> resin-interest@caucho.com
>> http://maillist.caucho.com/mailman/listinfo/resin-interest
>
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
>


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to