We accomplish this by grabbing an instance of HttpSession from the request via request.getSession(), casting that to resin's SessionImpl, and calling the login() method on that impl. Your controller can lift the username and password out of the request and pass them in to the login method, which will then rely on whatever FormLogin and Authenticator you have configured.
We use a custom Authenticator and lifted the persistent cookie code out of the JdbcAuthenticator in order to provide authentication via a persistent cookie without requiring the user re-enter their credentials. We also use a custom FormLogin that can both provide standard form authentication and HTTP basic authentication via one class. Our app consists of both a web client and a mobile client that communicates to the server via Hessian, so we built our authenticators and login impls to support the mix of authentication methods we required. Our user store is Berkeley DB JE/DPL, so we needed a custom authenticator that could do what JdbcAuthenticator could, but with a different store. -tyson Aaron Freeman-5 wrote: > > >> I need a way, in my web app, to programmatically say to the container >> "authenticate as this user/pass". Then these credentials will be used >> for further calls into the EJB tier or for responding to >> HttpServletRequest.isUserInRole() calls. Of course at the SPI level >> these will end up calling into my Resin Authenticator. >> >> > Ah, well I haven't used it before but there is a JdbcAuthenticator that > has a "cookie-auth-query" and "cookie-auth-update" to let you > automatically log someone in using a persistent cookie. It's still not > what you are describing below, but may suffice to solve automatic logins > if that's the end goal. > > Here is a link to some details on the JdbcAuthenticator: > https://www.gopay.com.cn/resin-doc/security/authentication.xtp > > That link might be out of date though, depending on which version of > Resin you are using. > > Sorry if this is still on the wrong track .. I'll let the gurus give you > the answer. > > - Aaron >> This is a pretty common problem, there must be a Resin way to do it. >> In JBoss5, it looks like this: >> >> SecurityClient securityClient = >> SecurityClientFactory.getSecurityClient(); >> securityClient.setSimple("user", "password"); >> securityClient.login(); >> >> Thanks, >> Jeff >> >> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com> >> wrote: >> >>>> #2 is still a mystery to me. I'm in a servlet, how do I >>>> programmatically tell the container to "log me in" with a username and >>>> password? >>>> >>>> >>> This page has a good overview of how to do it: >>> >>> http://www.informit.com/articles/article.aspx?p=24253&seqNum=7 >>> >>> So you set up your security constraints in your resin.xml and reference >>> a custom authenticator inside the login-config. The create your custom >>> authenticator by AbstractAuthenticator. >>> >>> Note the code in the example is referencing: >>> com.caucho.server.http.AbstractAuthenticator but I think you want to >>> extend com.caucho.server.AbstractAuthenticator instead, as I think the >>> .http. version is deprecated. >>> >>> - Aaron >>> >>> >>> _______________________________________________ >>> resin-interest mailing list >>> resin-interest@caucho.com >>> http://maillist.caucho.com/mailman/listinfo/resin-interest >>> >>> >> >> >> _______________________________________________ >> resin-interest mailing list >> resin-interest@caucho.com >> http://maillist.caucho.com/mailman/listinfo/resin-interest >> > > > _______________________________________________ > resin-interest mailing list > resin-interest@caucho.com > http://maillist.caucho.com/mailman/listinfo/resin-interest > > -- View this message in context: http://www.nabble.com/Remote---programmatic-authentication-tp22609440p22624584.html Sent from the Resin mailing list archive at Nabble.com. _______________________________________________ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
