Re: bypassing memory realms

2002-12-11 Thread J Doe

Thanks for your input, everyone.

I found that the approach described in this link
worked best:

http://ostermiller.org/utils/Base64.html

The basic idea is to encode the user:pass string in
Base64 and simply add that to the HTTP header.

--- Andreas Probst [EMAIL PROTECTED] wrote:
 I think this is a browser-internal thing. A person looking over
 your shoulder could read it. But IE will translate this into
 just a normal request. There's no difference to a request where IE
 had asked for credentials. From within your servlet you will not
 even be able to realize it.

 On 6 Dec 2002 at 19:04, Andreas Probst wrote:

  Hi Mike,

  try http://name:pass@www.

  How do you know the password?

  Andreas

  On 6 Dec 2002 at 8:33, J Doe wrote:

   Background: Consider two webapps: foo and bar.  When a
   user of foo performs a certain action, foo shares
   files with bar by calling actions on each other via
   HTTP.

   We are being asked to put a memory realm on foo and
   bar so that users must login. The problem is that now
   the above system-level communication between foo and
   bar will break.

   Question: if one knows the username and password for a
   webapp, can it be placed on the URL?

   E.g.
   http://mydomain.com:8080/foo?username=xpassword=y

   I've tried this but no luck.

   More generally, is there a way to do it with the
   java.net URL class?

   Any ideas?  I realize that perhaps foo and bar could
   communicate in a different way (RMI, JMS) but that is
   not really an option for us.

   thanks,
   Mike

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
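
Added example (not part of the original thread, and not code from the linked Ostermiller utility): the "encode user:pass in Base64 and add it to the header" approach with the java.net classes asked about, plus the reverse step, which shows that the header is only encoded and gives the password to anyone who can read the request unless the foo-to-bar hop runs over TLS. Assumptions: java.util.Base64 (Java 8+) stands in for the linked utility, bar is protected with BASIC authentication, and the account name, password and URL are constructed placeholders.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthClient {

    // Build the value of the Authorization header for HTTP Basic authentication.
    static String basicAuthHeader(String user, String password) {
        if (user.indexOf(':') >= 0) {
            // The first ':' separates user from password, so a user name cannot contain one.
            throw new IllegalArgumentException("user name must not contain ':'");
        }
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // What the receiving container, or anyone who can read the request, recovers.
    static String[] decodeBasicAuthHeader(String headerValue) {
        if (!headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon < 0) throw new IllegalArgumentException("no ':' separator");
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    // Prepare (but do not send) a request from foo to bar carrying the header.
    static HttpURLConnection prepare(URL url, String user, String password) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestProperty("Authorization", basicAuthHeader(user, password));
        return conn;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values: account, password and URL are placeholders.
        String header = basicAuthHeader("foo-service", "s3cret:with:colons");
        System.out.println("Authorization: " + header);
        String[] back = decodeBasicAuthHeader(header);
        System.out.println("decoded user=" + back[0] + " password=" + back[1]);
        URL url = new URL("https://bar.example:8443/bar/share");
        HttpURLConnection conn = prepare(url, "foo-service", "s3cret:with:colons");
        System.out.println("prepared " + conn.getRequestMethod() + " " + conn.getURL());
    }
}
```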




bypassing memory realms

2002-12-06 Thread J Doe

Background: Consider two webapps: foo and bar.  When a
user of foo performs a certain action, foo shares
files with bar by calling actions on each other via
HTTP.

We are being asked to put a memory realm on foo and
bar so that users must login. The problem is that now
the above system-level communication between foo and
bar will break.

Question: if one knows the username and password for a
webapp, can it be placed on the URL?

E.g.
http://mydomain.com:8080/foo?username=xpassword=y

I've tried this but no luck.

More generally, is there a way to do it with the
java.net URL class?  

Any ideas?  I realize that perhaps foo and bar could
communicate in a different way (RMI, JMS) but that is
not really an option for us.

thanks,
Mike





Re: bypassing memory realms

2002-12-06 Thread David Brown
J Doe writes: 


Background: Consider two webapps: foo and bar.  When a
user of foo performs a certain action, foo shares
files with bar by calling actions on each other via
HTTP. 

We are being asked to put a memory realm on foo and
bar so that users must login. The problem is that now
the above system-level communication between foo and
bar will break. 

Question: if one knows the username and password for a
webapp, can it be placed on the URL? 

E.g.
http://mydomain.com:8080/foo?username=xpassword=y 

I've tried this but no luck. 

More generally, is there a way to do it with the
java.net URL class?   

Any ideas?  I realize that perhaps foo and bar could
communicate in a different way (RMI, JMS) but that is
not really an option for us. 

thanks,
Mike 




Hello Mike, you could use JavaBeans-type classes and session attributes, get
and set between the two webapps. Store and check the session IDs to ensure
valid data by using the corresponding session ID. I personally would not use
the user's ID and password in the URL even if it was private as long as there
were other as yet unauthenticated users on the local subnet. And, of course,
don't even mention doing this on the public wire (you would be asking to get
severely compromised). The MemoryRealm would be OK if you MD5 digest the
passwords in the otherwise human-readable flat ASCII text tomcat-users.xml
file but you would prove to be a PITA under load of many simultaneous users
(though a low user count would be OK). Preferably, use the JDBCRealm which
works great for me running Oracle but you can run MySQL or PostgreSQL and allows
queries where the users table can be a FK to some other business logic
table. Hope this helps, David.





Re: bypassing memory realms

2002-12-06 Thread Andreas Probst
Hi Mike,

try http://name:pass@www.

How do you know the password?

Andreas

On 6 Dec 2002 at 8:33, J Doe wrote:

 
 Background: Consider two webapps: foo and bar.  When a
 user of foo performs a certain action, foo shares
 files with bar by calling actions on each other via
 HTTP.
 
 We are being asked to put a memory realm on foo and
 bar so that users must login. The problem is that now
 the above system-level communication between foo and
 bar will break.
 
 Question: if one knows the username and password for a
 webapp, can it be placed on the URL?
 
 E.g.
 http://mydomain.com:8080/foo?username=xpassword=y
 
 I've tried this but no luck.
 
 More generally, is there a way to do it with the
 java.net URL class?  
 
 Any ideas?  I realize that perhaps foo and bar could
 communicate in a different way (RMI, JMS) but that is
 not really an option for us.
 
 thanks,
 Mike
 




Re: bypassing memory realms

2002-12-06 Thread Andreas Probst
I think this is a browser-internal thing. A person looking over
your shoulder could read it. But IE will translate this into
just a normal request. There's no difference to a request where IE
had asked for credentials. From within your servlet you will not
even be able to realize it.

On 6 Dec 2002 at 19:04, Andreas Probst wrote:

 Hi Mike,
 
 try http://name:pass@www.
 
 How do you know the password?
 
 Andreas
 
 On 6 Dec 2002 at 8:33, J Doe wrote:
 
  
  Background: Consider two webapps: foo and bar.  When a
  user of foo performs a certain action, foo shares
  files with bar by calling actions on each other via
  HTTP.
  
  We are being asked to put a memory realm on foo and
  bar so that users must login. The problem is that now
  the above system-level communication between foo and
  bar will break.
  
  Question: if one knows the username and password for a
  webapp, can it be placed on the URL?
  
  E.g.
  http://mydomain.com:8080/foo?username=xpassword=y
  
  I've tried this but no luck.
  
  More generally, is there a way to do it with the
  java.net URL class?  
  
  Any ideas?  I realize that perhaps foo and bar could
  communicate in a different way (RMI, JMS) but that is
  not really an option for us.
  
  thanks,
  Mike
  