On Mar 23, 2009, at 6:34 AM, Leonid Geller wrote:

> While on the topic of programmatic authentication, I would be  
> interested in resin 4.x having native support for web services  
> standards like WS-Security, WS-Trust and ultimately, a recipe for  
> SSO integration. Of course, I can always grab a framework like  
> OpenSSO and drop it into resin container, but having the capability  
> available in resin and particularly supported by hessian would allow  
> to inject web security services into our existing applications  
> without significant refactoring, keep existing streamlined workflow  
> and architecture.

I've added this as http://bugs.caucho.com/view.php?id=3411.

It will not be in 4.0.0, because 4.0.0 is feature-frozen.  So it would  
be in 4.0.1.

-- Scott

>
>
> -Leonid
>
>
> -----Original Message-----
> From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com] On Behalf Of Jeff Schnitzer
> Sent: Saturday, March 21, 2009 2:49 PM
> To: General Discussion for the Resin application server
> Subject: Re: [Resin-interest] Remote & programmatic authentication
>
> I have only spent a little while browsing through the Resin code, so
> apologies in advance if I'm misunderstanding something.  I'd love to
> see something like:
>
> AbstractLogin.authenticate(HttpServletRequest request, Principal user,
> String credential) throws LoginException
>
> I just need any method that takes a user and password, checks it
> against the normal authentication SPI, and (if successful) registers
> the credentials to the container.
>
> I don't think I would need to customize the Login class.  I wouldn't
> be using any of the j2ee standard auth mechanisms, just programmatic
> authentication, so I'm guessing I could have a BasicLogin and just
> never use it.  As long as I can call the auth method from my normal
> webapp I'll be fine.
>
> BTW we are porting the opensource SubEthaMail over to Resin right now
> (http://subetha.tigris.org/).  If we succeed, you might want to use it
> for this mailing list!
>
> Jeff
>
> On Fri, Mar 20, 2009 at 10:15 AM, Scott Ferguson <f...@caucho.com> wrote:
>>
>> On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:
>>
>>> The problem is, j2ee automatic authentication is nearly useless.
>>
>> Correct.
>>
>>> It doesn't allow for autologin cookies nor does it allow me to sign up
>>> new users - they would have to then log in again.  It blows my mind
>>> that a decade later the servlet spec hasn't addressed these simple
>>> needs.
>>
>> Yep.  Almost as bizarre as not having multipart/mime (upload) support.
>>
>> Resin 4.0 has refactored Resin's login/authentication (because our old
>> model really didn't make much sense.)
>>
>> The new Login handles servlet/http interaction and the Authenticator
>> handles pure user/credentials (the old model mixed the two concepts
>> into the old ServletAuthenticator.)  So, the capabilities you're
>> looking for would be added to a Login class.  I don't know if you're
>> looking for customizing the Login, or if you want a more general
>> capability in our AbstractLogin.
>>
>> Since the new configuration uses Java DI, your application can grab
>> the login.  The configuration looks like:
>>
>>  <sec:BasicLogin/>
>>
>> And then you could use
>>
>>  @Current AbstractLogin _login;
>>
>> Or
>>
>>  @Current BasicLogin _login;
>>
>> (At present, the Login interface itself wouldn't be useful from a
>> programmatic standpoint, while we could add methods to AbstractLogin.)
>>
>> -- Scott
>>
>>>
>>>
>>> I need a way, in my web app, to programmatically say to the container
>>> "authenticate as this user/pass".  Then these credentials will be used
>>> for further calls into the EJB tier or for responding to
>>> HttpServletRequest.isUserInRole() calls.  Of course at the SPI level
>>> these will end up calling into my Resin Authenticator.
>>>
>>> This is a pretty common problem, there must be a Resin way to do it.
>>> In JBoss5, it looks like this:
>>>
>>> SecurityClient securityClient =
>>> SecurityClientFactory.getSecurityClient();
>>> securityClient.setSimple("user", "password");
>>> securityClient.login();
>>>
>>> Thanks,
>>> Jeff
>>>
>>> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com> wrote:
>>>>
>>>>> #2 is still a mystery to me.  I'm in a servlet, how do I
>>>>> programmatically tell the container to "log me in" with a username and
>>>>> password?
>>>>>
>>>> This page has a good overview of how to do it:
>>>>
>>>> http://www.informit.com/articles/article.aspx?p=24253&seqNum=7
>>>>
>>>> So you set up your security constraints in your resin.xml and reference
>>>> a custom authenticator inside the login-config.  Then create your custom
>>>> authenticator by extending AbstractAuthenticator.
>>>>
>>>> Note the code in the example is referencing:
>>>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>>>> extend com.caucho.server.AbstractAuthenticator instead, as I think the
>>>> .http. version is deprecated.
>>>>
>>>> - Aaron
>>>>
>>>>
>>>> _______________________________________________
>>>> resin-interest mailing list
>>>> resin-interest@caucho.com
>>>> http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
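
The Login/Authenticator split discussed in this thread, as an added sketch that is not Resin's code and not from any poster: the class names, the `authenticate` signature, and the use of a `Map` in place of an `HttpSession` are assumptions made so it runs without a servlet container. It shows the two checks a programmatic login path has to carry itself: constant-time credential verification and a fresh session on success.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.login.LoginException;

public class ProgrammaticLoginSketch {
  /** "Authenticator" role (hypothetical class): pure user/credential check, no HTTP knowledge. */
  static class Authenticator {
    private final Map<String, byte[][]> users = new HashMap<>(); // name -> {salt, hash}

    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
      PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
    void addUser(String name, char[] password) throws GeneralSecurityException {
      byte[] salt = new byte[16];
      new SecureRandom().nextBytes(salt);
      users.put(name, new byte[][] {salt, hash(password, salt)});
    }
    Principal authenticate(String name, char[] password) throws GeneralSecurityException {
      byte[][] rec = users.get(name);
      if (rec == null) return null;
      // MessageDigest.isEqual compares in constant time, so timing does not leak a partial match.
      if (!MessageDigest.isEqual(rec[1], hash(password, rec[0]))) return null;
      return () -> name; // Principal's only abstract method is getName()
    }
  }

  /** "Login" role (hypothetical class): binds the authenticated Principal to the session. */
  static class Login {
    private final Authenticator auth;
    Login(Authenticator auth) { this.auth = auth; }
    // The Map is a stand-in for an HttpSession; LoginException is a GeneralSecurityException.
    Principal authenticate(Map<String, Object> session, String user, char[] credential)
        throws GeneralSecurityException {
      Principal p = auth.authenticate(user, credential);
      Arrays.fill(credential, '\0'); // wipe the caller's password array once it has been checked
      if (p == null) throw new LoginException("authentication failed");
      session.clear(); // discard pre-login state and id (session fixation defence)
      session.put("id", UUID.randomUUID().toString());
      session.put("principal", p);
      return p;
    }
  }

  public static void main(String[] args) throws Exception {
    Authenticator auth = new Authenticator();
    auth.addUser("jeff", "constructed-sample-pw".toCharArray()); // constructed sample account
    Map<String, Object> session = new HashMap<>(Map.of("id", "pre-login-id"));
    Principal p = new Login(auth).authenticate(session, "jeff", "constructed-sample-pw".toCharArray());
    System.out.println(p.getName() + " logged in, new session id: " + session.get("id"));
  }
}
```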