RE: automatic login
Hi Craig, Could you please send the URL for the UML diagrams, I could not find them. Thanks. Jim. -Original Message- From: Mats Nyberg [mailto:[EMAIL PROTECTED]] Sent: 10 May 2002 20:42 To: Tomcat Users List Subject: Re: automatic login Craig R. McClanahan wrote: On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 20:00:51 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: automatic login locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? I'd *better* know it, because I wrote it ... :-) straight to the source, huh ;) Look in package org.apache.catalina.authenticator in the Tomcat source code for the implementation classes that implement the various login methods. using 3.2, dude :( You'll need to understand quite a bit about Tomcat's internal architecture for this to work I do -- there are some UML diagrams and such stuff in the Catalina Documentation part of the tomcat-docs webapp. However, I'm afraid that I'm not going to be able to assist you any, due to time constraints. hey, i know i'm on a seller's market here ;) got an idea, though. I'll be back by the way, vincenzo: your idea worked - will write HOWTO for the list Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately. Email is not a secure method of communication and Nomura International plc cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please examine this email for virus infection, for which Nomura International plc accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of Nomura International plc. This email is intended for informational purposes only and is not a solicitation or offer to buy or sell securities or related financial instruments. Nomura International plc is regulated by the Financial Services Authority and is a member of the London Stock Exchange. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Hi Use the following Webster.www.ambysoft.com Regards Velmurgan P. - Original Message - From: Collins, Jim [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, May 14, 2002 2:03 PM Subject: RE: automatic login Hi Craig, Could you please send the URL for the UML diagrams, I could not find them. Thanks. Jim. -Original Message- From: Mats Nyberg [mailto:[EMAIL PROTECTED]] Sent: 10 May 2002 20:42 To: Tomcat Users List Subject: Re: automatic login Craig R. McClanahan wrote: On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 20:00:51 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: automatic login locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? I'd *better* know it, because I wrote it ... :-) straight to the source, huh ;) Look in package org.apache.catalina.authenticator in the Tomcat source code for the implementation classes that implement the various login methods. using 3.2, dude :( You'll need to understand quite a bit about Tomcat's internal architecture for this to work I do -- there are some UML diagrams and such stuff in the Catalina Documentation part of the tomcat-docs webapp. However, I'm afraid that I'm not going to be able to assist you any, due to time constraints. hey, i know i'm on a seller's market here ;) got an idea, though. I'll be back by the way, vincenzo: your idea worked - will write HOWTO for the list Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email you must not copy, distribute or take any further action in reliance on it and you should delete it and notify the sender immediately. Email is not a secure method of communication and Nomura International plc cannot accept responsibility for the accuracy or completeness of this message or any attachment(s). Please examine this email for virus infection, for which Nomura International plc accepts no responsibility. If verification of this email is sought then please request a hard copy. Unless otherwise stated any views or opinions presented are solely those of the author and do not represent those of Nomura International plc. This email is intended for informational purposes only and is not a solicitation or offer to buy or sell securities or related financial instruments. Nomura International plc is regulated by the Financial Services Authority and is a member of the London Stock Exchange. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Mats Nyberg wrote: Craig R. McClanahan wrote: On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 20:00:51 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: automatic login locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? I'd *better* know it, because I wrote it ... :-) straight to the source, huh ;) Look in package org.apache.catalina.authenticator in the Tomcat source code for the implementation classes that implement the various login methods. using 3.2, dude :( You'll need to understand quite a bit about Tomcat's internal architecture for this to work I do -- there are some UML diagrams and such stuff in the Catalina Documentation part of the tomcat-docs webapp. However, I'm afraid that I'm not going to be able to assist you any, due to time constraints. hey, i know i'm on a seller's market here ;) got an idea, though. I'll be back by the way, vincenzo: your idea worked - will write HOWTO for the list No doubt Mats ;) we use it in a production site :) The only potential flaw is that if you look in your browser's cache you may find the authentication form filled with username and password and that's a problem in a shared computer environment. This happens only if you perform your redirect in jsp page, maybe server-side redirecting can avoid this. Didn't try. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- I imagine bugs and girls have a dim perception that nature played a cruel trick on them, but they lack the intelligence to really comprehend the magnitude of it. -- Calvin - Vincenzo Marchese ARSRETIA S.r.l. Via D. Sansotta, 97 00144 Roma (IT) e-mail: [EMAIL PROTECTED] Tel.: +39 06 52270097 Fax: +39 06 52272313 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Vincenzo Marchese wrote: by the way, vincenzo: your idea worked - will write HOWTO for the list No doubt Mats ;) we use it in a production site :) The only potential flaw is that if you look in your browser's cache you may find the authentication form filled with username and password and that's a problem in a shared computer environment. This happens only if you perform your redirect in jsp page, maybe server-side redirecting can avoid this. Didn't try. hi vincenzo, yes i have thought about the security problem, and it's real :( this is the advantage of this sollution. if you're willing to lock yourself in [Craig] you can login to tomcat by setting the session attributes j_username and j_password (at least in 3.2, probably 3.x series). then the accessinterceptor will let you through and the realm manager considders you logged in and will assign you the proper roles as well. this might however not be portable to catalina/tomcat4 or other servlet servers but works for my application. server-side woun't work. the redirect ploy hinges upon the fact that it is the browser that submits the form. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Have you tried redirecting with an automatic post to your protected location with some javascript like: document.forms[authform].submit(); obviously after filling the form with the code you wrote down below. You can control in form-login page if you come from a registration procedure and then do the automatic post. Mats Nyberg wrote: friends, cohorts; have an application involving user registration and declarative authorization. in the end of an user registration i want the newly created user also to be logged in without providing a now you can use your new id and password to log in-screen. HOWTO? i vanely thought something like -snip- would do and now after some days in the mud i thought i'd swallow my pride and ask; how do one do this? regards snip % session.setAttribute(tomcat.auth.originalLocation, /protected/xxx.jsp); % form method=POST action=j_security_check Username: input type=hidden name=j_username value=%= userId %br Password: input type=hidden name=j_password value=%= password %br br input type=submit value=login name=j_security_check /form ---snip -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- Know what I pray for? The strength to change what I can, the inability to accept what I can't and the incapacity to tell the difference.-- Calvin - Vincenzo Marchese ARSRETIA S.r.l. Via D. Sansotta, 97 00144 Roma (IT) e-mail: [EMAIL PROTECTED] Tel.: +39 06 52270097 Fax: +39 06 52272313 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
thanks for your reply vincenzo, the problem is however not to get the form sent but rather to get tomcat/the auth.interceptor to bite. to this sollution i get a 404 /j_security_check not found after another moment of contemplation... perhapps you mean that 1. in unprotected page set session attribute my.alltogether.made.up to newlyRegisterredUser 2. go to protected page (which obviously sends me to login page 3. in login page: if(newlyRegisterredUser.equals(session.getAttribute(my.alltogether.made.up))) fill form with user details and submit and thta this would do the trick? I'll try for sure, thanx again, I'll get back to you with tales of success. Vincenzo Marchese wrote: Have you tried redirecting with an automatic post to your protected location with some javascript like: document.forms[authform].submit(); obviously after filling the form with the code you wrote down below. You can control in form-login page if you come from a registration procedure and then do the automatic post. Mats Nyberg wrote: friends, cohorts; have an application involving user registration and declarative authorization. in the end of an user registration i want the newly created user also to be logged in without providing a now you can use your new id and password to log in-screen. HOWTO? i vanely thought something like -snip- would do and now after some days in the mud i thought i'd swallow my pride and ask; how do one do this? regards snip % session.setAttribute(tomcat.auth.originalLocation, /protected/xxx.jsp); % form method=POST action=j_security_check Username: input type=hidden name=j_username value=%= userId %br Password: input type=hidden name=j_password value=%= password %br br input type=submit value=login name=j_security_check /form ---snip -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Mats Nyberg wrote: thanks for your reply vincenzo, the problem is however not to get the form sent but rather to get tomcat/the auth.interceptor to bite. to this sollution i get a 404 /j_security_check not found after another moment of contemplation... perhapps you mean that 1. in unprotected page set session attribute my.alltogether.made.up to newlyRegisterredUser 2. go to protected page (which obviously sends me to login page 3. in login page: if(newlyRegisterredUser.equals(session.getAttribute(my.alltogether.made.up))) fill form with user details and submit That's exactly what I meant ;) and thta this would do the trick? I'll try for sure, thanx again, I'll get back to you with tales of success. Hope so Vincenzo Marchese wrote: Have you tried redirecting with an automatic post to your protected location with some javascript like: document.forms[authform].submit(); obviously after filling the form with the code you wrote down below. You can control in form-login page if you come from a registration procedure and then do the automatic post. Mats Nyberg wrote: friends, cohorts; have an application involving user registration and declarative authorization. in the end of an user registration i want the newly created user also to be logged in without providing a now you can use your new id and password to log in-screen. HOWTO? i vanely thought something like -snip- would do and now after some days in the mud i thought i'd swallow my pride and ask; how do one do this? regards snip % session.setAttribute(tomcat.auth.originalLocation, /protected/xxx.jsp); % form method=POST action=j_security_check Username: input type=hidden name=j_username value=%= userId %br Password: input type=hidden name=j_password value=%= password %br br input type=submit value=login name=j_security_check /form ---snip -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- But I don't like Spam - Vincenzo Marchese ARSRETIA S.r.l. Via D. Sansotta, 97 00144 Roma (IT) e-mail: [EMAIL PROTECTED] Tel.: +39 06 52270097 Fax: +39 06 52272313 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 12:03:07 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: automatic login friends, cohorts; have an application involving user registration and declarative authorization. in the end of an user registration i want the newly created user also to be logged in without providing a now you can use your new id and password to log in-screen. HOWTO? i vanely thought something like -snip- would do and now after some days in the mud i thought i'd swallow my pride and ask; how do one do this? There is no portable mechanism in the current servlet API to do this for container-managed security. You will have to either modify your copy of Tomcat (and therefore be locked in), or use application-managed security instead. regards Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? Craig R. McClanahan wrote: On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 12:03:07 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: automatic login friends, cohorts; have an application involving user registration and declarative authorization. in the end of an user registration i want the newly created user also to be logged in without providing a now you can use your new id and password to log in-screen. HOWTO? i vanely thought something like -snip- would do and now after some days in the mud i thought i'd swallow my pride and ask; how do one do this? There is no portable mechanism in the current servlet API to do this for container-managed security. You will have to either modify your copy of Tomcat (and therefore be locked in), or use application-managed security instead. regards Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 20:00:51 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: automatic login locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? I'd *better* know it, because I wrote it ... :-) Look in package org.apache.catalina.authenticator in the Tomcat source code for the implementation classes that implement the various login methods. You'll need to understand quite a bit about Tomcat's internal architecture for this to work -- there are some UML diagrams and such stuff in the Catalina Documentation part of the tomcat-docs webapp. However, I'm afraid that I'm not going to be able to assist you any, due to time constraints. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: automatic login
Craig R. McClanahan wrote: On Fri, 10 May 2002, Mats Nyberg wrote: Date: Fri, 10 May 2002 20:00:51 +0200 From: Mats Nyberg [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: automatic login locking myself in is no problem; this is an app running on a collegue's (peter antman @ jboss) heavily patched version of a JBoss 2.something loaded with tomcat and jboss dependencies. do you know the internals of the accessinterceptor/authentification process in tomcat? I'd *better* know it, because I wrote it ... :-) straight to the source, huh ;) Look in package org.apache.catalina.authenticator in the Tomcat source code for the implementation classes that implement the various login methods. using 3.2, dude :( You'll need to understand quite a bit about Tomcat's internal architecture for this to work I do -- there are some UML diagrams and such stuff in the Catalina Documentation part of the tomcat-docs webapp. However, I'm afraid that I'm not going to be able to assist you any, due to time constraints. hey, i know i'm on a seller's market here ;) got an idea, though. I'll be back by the way, vincenzo: your idea worked - will write HOWTO for the list Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]