jack: I noticed you haven't received any responses yet. I was kinda waiting to see if anyone had any bright ideas regarding... catching j_username/j_password for later use within a webapp. I posted a somewhat related question in "Subject: application security gone mad".
Someone (please!) correct me if I'm wrong... rather than hacking something around the login form, storing the j_username/j_password text in the session, ... wouldn't it be cleaner to write your own Realm? Then... access the session security credentials via the Realm?

gary...

> From: "Jack Bakker" <[EMAIL PROTECTED]>
> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]>
> Date: Mon, 17 Nov 2003 10:45:42 -0500
> To: <[EMAIL PROTECTED]>
> Subject: automate login to other opensource apps
>
> I have several Struts apps with a form-based single signon using a JNDIRealm
> with md5 passwords in openldap. I'm looking to pass username/password used
> in Java login to other apps like horde, dotproject, among others for user
> convenience. Sync of user account info between db stores used by other
> projects aside, what's the best (and most secure) way of trapping the
> password in plaintext to pass to other apps? Seems like it should be a
> simple thing to do but getPassword of the Realm doesn't appear to be exposed?
> am I missing something obvious?
>
> -- jack
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
