Thanks to you and Jason both.
I think I haven't framed the question correctly. Anyway, I'm highlighting
the points once again that I want to clarify.
1. I want use security realms talked in j2ee and as provided by weblogic 5.1
,too.
2. In using security realm, we can specify different accesses of groups and
users to the particular servlet or JSP.In that scenario, normally browser
promts for authentication and uses that authentication thru out the session
for authorization to particular realm as and when required.
3. At the same time, the login procedure I'm using is form based. And don't
want that browser will pop up ugly dialog box for authentication. In stead,
the authentication supplied at the time of log in is supplied
programatically(or whatever way may be) to the server for authorization as
and when asked by the realm.
4. I have once again gone thru the avaliable edition of Jason's book(not
latest one). And found what that book talking about setting particular flag
and using that flag programatically to check whther the user have logged in
or not. But that doesn't talk about the authorization thru security realm.
That is a user logged in doesn't mean he is allowed to access the
particular servlet. This is a obvious scenarion when you are restricting
some resources , say to public users-- only user paying for the service may
be allowed only. And once again using security realm that can be done very
easily as there is a concept of giving ceratin access to groups so that we
can make some groups and whenever the users are registered, we can include
them into particular group. But the only problem is that server(actually
ream) will ask browser to give the authentication and browser will either
give the login user has provided at the login time or if hasn't provide yet
then prompt for authentication for particular realm. And I want to avoid
that and would like to supply credentials supplied by user in form based
login whenever realm asks for authentication.
Is that possible?
Hope I have clarified my question correctly.
Thanks and Regards,
Sudarson
> ----------
> From: Mark Galbreath[SMTP:[EMAIL PROTECTED]]
> Reply To: Mark Galbreath
> Sent: Sunday, April 15, 2001 4:23 AM
> To: [EMAIL PROTECTED]
> Subject: Re: How to supply credentials for J2ee Security Realm in
> form b ased authentications of web based application
>
> Then you need to refine your question. As you state your need,
> the reference to Jason's book should cover exactly what you are
> trying to do.
>
> Cheers!
> Mark
>
> ----- Original Message -----
> From: "Sudarson_Pratihar" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, April 14, 2001 5:42 AM
> Subject: Re: How to supply credentials for J2ee Security Realm in
> form b ased authentications of web based application
>
>
> > Is it the book of oreilly publications? If not, pls tell me
> whether the soft
> > copy of the book is availble in web.
> >
> > If it is the oreilly one, I haven't find any feasible solution.
> > > ----------
> > > From: Mark Galbreath[SMTP:[EMAIL PROTECTED]]
> > > Reply To: Mark Galbreath
> > > Sent: Saturday, April 14, 2001 12:47 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: How to supply credentials for J2ee
> Security Realm in
> > > form based authentications of web based
> application
> > >
> > > See Jason Hunter's "Java Servlet Programming," pp. 227ff.
> > >
> > > Cheers!
> > > Mark
> > >
> > > ----- Original Message -----
> > > From: "Sudarson_Pratihar" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Friday, April 13, 2001 2:00 AM
> > > Subject: How to supply credentials for J2ee Security Realm in
> > > form based authentications of web based application
> > >
> > >
> > > > Hi All,
> > > >
> > > > As we all know that in in J2EE we can set acls also to
> servlets
> > > , jsps. And
> > > > the credentials is supplied by browser in case of web based
> > > application. And
> > > > that is only possible if we use authentication process of
> > > browser, so that
> > > > browser will pop up authentication dialog box for
> particular
> > > realm. But if
> > > > I'm using a formbased authentication(as it is for
> comfortable
> > > for end
> > > > users), how can I pass the credentials and how can maintain
> the
> > > credentials
> > > > over the entire session so that whenver web server asks for
> the
> > > > authentications for authorizng the user to access the
> servlet
> > > or jsp, the
> > > > credentials will be supplied. So that browser won't pop up
> > > dialog box.
> > > >
> > > >
> > > > One more point, if cetificate based authentication is being
> > > used, how to use
> > > > for the realms.
> > > >
> > > > Pls do give your suggestion.
> > > >
> > > > Thnaks and Regards,
> > > > Sudarson
> > > >
> > > >
> > >
> _________________________________________________________________
> > > __________
> > > > To unsubscribe, send email to [EMAIL PROTECTED] and
> include
> > > in the body
> > > > of the message "signoff SERVLET-INTEREST".
> > > >
> > > > Archives:
> > > http://archives.java.sun.com/archives/servlet-interest.html
> > > > Resources:
> > > http://java.sun.com/products/servlet/external-resources.html
> > > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > > >
> > >
> > >
> _________________________________________________________________
> _________
> > > _
> > > To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the
> > > body
> > > of the message "signoff SERVLET-INTEREST".
> > >
> > > Archives:
> http://archives.java.sun.com/archives/servlet-interest.html
> > > Resources:
> http://java.sun.com/products/servlet/external-resources.html
> > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > >
> >
> >
> _________________________________________________________________
> __________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include
> in the body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives:
> http://archives.java.sun.com/archives/servlet-interest.html
> > Resources:
> http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
>
> __________________________________________________________________________
> _
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
