On Mar 21, 2009, at 11:49 AM, Jeff Schnitzer wrote:
I have only spent a little while browsing through the Resin code, so
apologies in advance if I'm misunderstanding something. I'd love to
see something like:
AbstractLogin.authenticate(HttpServletRequest request, Principal user,
String
While on that topic... I have been fighting through the years, since
version 3.2, to get the servlet spec. to improve the security part but
well, not very successfully one could say. I guess not being famous or
working for a mega-vendor does not help :).
Bitching at forums and blogs
On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:
The problem is, j2ee automatic authentication is nearly useless.
Correct.
It doesn't allow for autologin cookies nor does it allow me to sign up
new users - they would have to then log in again. It blows my mind
that a decade later the
On Mar 19, 2009, at 2:08 PM, Jeff Schnitzer wrote:
First of all, I'd just like to say wow, I'm happy to re-discover Resin
- I recall using it briefly in 2002 and I'm impressed with what you've
been doing since. It's a sharp contrast to the progress of JBoss,
which has sadly become a
What's the best way to lobby them? I love the new IoC stuff.
-Aaron
On Mar 19, 2009, at 2:08 PM, Jeff Schnitzer wrote:
First of all, I'd just like to say wow, I'm happy to re-discover Resin
- I recall using it briefly in 2002 and I'm impressed with what you've
been doing since. It's a
Answering my own question #1, I found the
HessionProxyFactory.setUser() and setPassword() methods. Great.
#2 is still a mystery to me. I'm in a servlet, how do I
programmatically tell the container to log me in with a username and
password?
Thanks,
Jeff
On Thu, Mar 19, 2009 at 2:08 PM, Jeff
#2 is still a mystery to me. I'm in a servlet, how do I
programmatically tell the container to log me in with a username and
password?
This page has a good overview of how to do it:
http://www.informit.com/articles/article.aspx?p=24253seqNum=7
So you set up your security constraints in
Thanks, but that is not what I'm looking for. The document describes
building an authentication source and using automatic authentication
(aka web.xml security constraints).
The problem is, j2ee automatic authentication is nearly useless. It
doesn't allow for autologin cookies nor does it allow
I need a way, in my web app, to programmatically say to the container
authenticate as this user/pass. Then these credentials will be used
for further calls into the EJB tier or for responding to
HttpServletRequest.isUserInRole() calls. Of course at the SPI level
these will end up calling into