Cathy Young wrote:
> How can a JSP get access to the authenticate method of a request
> interceptor, such as JDBCRealm ?
>
> Is there also a way for a JSP to find out which interceptor is handling
> authentication.
>
In a portable webapp, there is no access to things like this -- the only thing
an application sees is the "side effects" of container-managed authentication:
the request.getRemoteUser(), request.getUserPrincipal(), and
request.isUserInRole() methods start returning useful values.
>
> I want users to enter their userID and password values, add these details to
> the database that JDBCRealm is configured to use, and do an automatic
> authenticate to allow them access to protected parts of the application.
There is no direct mechanism to accomplish the second part of this (have the
user automatically authenticated without having to sign in again with the
username and password they just created).
One possible approach might go something like this:
* In your user setup code, set a special cookie with the user identifier
of the user who was just created.
* Add a special request interceptor ahead of the standard one that
recognized this cookie and automatically authenticated the user
(the normal authentication will be skipped if it has already been done
by a previous interceptor).
However, this is going to be very susceptible to spoofing, unless you built some
reasonable way to validate the returned cookie value. Any solution to this
problem, of course, is also going to be specific to Tomcat.
>
> Thanks,
> Cathy
Craig McClanahan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
