>>> Ed Wittmann <[EMAIL PROTECTED]> 07-Jul-00 3:52:10 PM >>>
Ed, thanks for explaining further... I still don't really understand
you though.
>We have a separate server (physically), a forums application server.
>Because this is a third-party product, it currently controls it's
>own authentication and access control. We have the option
>to allow the forums to trust the webserver to authenticate users.
>This option requires that the webserver that the forums
>application resides upon set the remote_user variable to the
>userid of the forums user.
Right. The forums app is web based and instead of using the forums
app to do it's own security you can tell it to use a realm of the
webserver it runs under?
If that is the case why don't you just do that? Have the webserver
authenticate the user?
Is it because you want to maintain single sign on across your site?
ie: the user should only authenticate with the app-server (which is a
different host to the forums-webserver).
>Because we use servlets to pass information from one server
>to another on our site,
I'm not sure what you mean by that either... a servlet just responds
to a request from a browser with a response.
Communication between servers is not usually a feature of servlet
behaviour (it can be done of course using RMI or Socket connections
but it's really nothing to do with servlets).
>I can see now that servlets alone can't do that. It looks to me
>like I have to learn some webserver API programming.
>We use Netscape Enterprise server for our webserver.
>NES allows for authentication of various types. Basic, LDAP,
>and user-defined (programmed to the NES api spec) NES does
>have a java api.
You still might not be able to do it because Netscape might only
allow you to provide an authentication algorithm not a means of
altering the details presented (could be considered a security risk).
As far as I understand it what you want to happen is:
1. forum-webserver recieves a request with authentication details
from app server.
2. the webserver authenticates the user
3. the webserver then mangles the username to what the forums app is
expecting
(suffixing a number)
4. the webserver passes on the request to the forums app
The trouble is stage.3. You can easily get your webserver to
authenticate the user... but in order to mangle the username to be
seen by the forums app you will have to alter the WWW-Authenticate
header in the request header BEFORE the request is recieved by the
forums app.
There are some servlet engines that allow you to do this, eg: Jigsaw
and GNU-Paperclips both provide filtering options which allow you to
put objects which alter the request before the target servlet.
However... they only work for servlets.
>I'm going to also post this to the list, so that you
>won't have to go through this again with someone else :)
Thanks... I hope I've explained a little bit more.
Of course I may have completly misunderstood you.
Nic
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
