I am trying to implement a custom login that will work regardless of
the Web Container that we are using.

I want something more customized than the FORM authentication defined
in the Servlet 2.3 specification. I want to be able, for example, to
inform a user that the authentication service is unavailable, or that
the username/password does not match, and also to be friendly to the
user and automatically fill the username field with the username he
supplied.

The solution I saw was to use JAAS: a JAAS LoginModule that will
receive a callback that will allow us to pass:
- username
- credential
- ServletRequest
- ServletResponse.

This JAAS Login Module will be responsible for logging in to the realm
of the WebContainer.

Here is the pseudo code of a customized login action that will receive
the username and password from the request and pass them to the login
module:

    // "WebContainerLoginModule" is the JAAS configuration entry name
    LoginContext lcContainer = new LoginContext(
        "WebContainerLoginModule",
        new WebContainnerCallbackHandler(
            username,
            password,
            request, response));
    // Runs the configured LoginModule(s); throws LoginException on failure
    lcContainer.login();
    Subject loggedSubject = lcContainer.getSubject();

I have already implemented this for other WebContainers. For example,
using WebLogic, I can log in to WebLogic's WebContainer by calling:

    weblogic.servlet.security.ServletAuthentication.weak(String username,
        String password, HttpServletRequest request)

What I have found in the Tomcat documentation tells me that there is no
way to do this. If I want to authenticate in Tomcat I must implement a
Valve or an Authenticator.

--
Bruno Antunes,
Java Software Engineer
email: mailto:[EMAIL PROTECTED]
Phone: +351.21.7994200
Fax : +351.21.7994242
WhatEverSoft - Java Center
Centro de Competencia Java
Praca de Alvalade, 6 - Piso 4
1700-036 Lisboa - Portugal
URL: http://www.whatevernet.com