Vladimir,
On Mon, Apr 22, 2002 at 03:11:09PM +0900, Joel Rees wrote:
> Vladimir Vanyukov asked
> > I have seen this question here many times and have seen many answers but
> > most of them never really ANSWERED the question. So I figured I'd ask
> > one more time. Is there anyway to programmatically authenticate users?
are you asking if you can call a method in your servlet or JSP that would
force the user to login if they weren't already? If so, no, not directly.
Ideally, you could do something like:
if (req.getRemoteUser() == null){
authenticate(); //this would "pop-up" the login form or box
}
but instead you have to do it as part of an auth-constraint in the web.xml;
for example, what we've done is to put an auth-constraint on a url pattern of
/secure/*
and our authenticateUser() method redirects them to
/secure/go?url=$the_url_they_just_came_from
which forces them to authenticate (using form-based authentication) and then
redirect them back to where they came from without having to declare every
single url pattern in the web.xml; kludgy, but somewhat programmatic. I wish
there was a better way and if someone can show me one in the servlet spec
(without using filters which suffer from the same type of web.xml-itis) I'd be
very, very happy.
> > Example:
> > If I have s simple username/password form somewhere on an unprotected
> > page, how do I use that information (assuming the user filled it out and
> > submitted it) to allow him to view protected pages?
you'd probably want to redirect them to a centralized login page rather than
implement a login form on multiple pages; that the regular servlet spec let's
you do pretty easily using the login-config stanza.
Hope that helps,
Adi
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
