I am trying to find a way of capturing a user's password so that I can have the user login
to one of my web applications (which acts as a client), and pass it to a second application (which
acts as the server).
I know that I can retrieve the user from the ServletRequest using req.getUserPrincipal(). However, I do not know how I can retrieve the password.
Can anyone offer any advice on whether this can be done and if so, the best way of doing it?
[ I did attempt to use forms-based authentication and use a filter to capture the password whenever the j_security_check action was invoked. However, I read in another post that Tomcat does not allow filters to be placed on j_security_check. ]
Once I have the password, I'd ideally be looking at converting it to a Credentials object, so that I could pass that to my second app, rather than passing the raw password. Does anyone know whether this can be achieved by using Tomcat's UserPasswordCredentials class?
Also, to prevent the password been exposed in the URL posted from the login page, I'd also be
looking to implement SSL. I presume that this will cause encryption problems. Does anyone have any
advice about how I could work around this?
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
