"John Trollinger" <[EMAIL PROTECTED]> wrote in message
038a01c2d91f$14fc2e40$fc0110ac@jtrollingerxp">news:038a01c2d91f$14fc2e40$fc0110ac@jtrollingerxp...
> But does this work with Form based authenticaiton and realms... How do
> you let the realm know that the user remembered so the login can be
> bypassed?
If you don't mind being tied to Tomcat, then it is a pretty simple Valve
(I'm assuming that you want 4.x here). Something like:
public class MyAuthValve implements Valve {
private String myInfo = "MyAuthValve/1.0";
private static final String myAuthCookie="MyAuthCookie";
public MyAuthValve() {
}
public String getInfo() {
return myInfo;
}
public void invoke(Request request, Response response, ValveContext
context) {
if( request instanceof HttpRequest ) {
HttpRequest hReq = (HttpRequest)request;
HttpServletRequest req = (HttpServletRequest)
hReq.getRequest();
Cookie [] cookies = req.getCookies();
for(int i=0; i < cookies.length; i++) {
if( myAuthCookie.equals(cookies[i].getName()) ) {
MyPrincipal myPrin = new
MyPrincipal(cookies[i].getValue());
hReq.setUserPrincipal(myPrin);
break;
}
}
}
context.invokeNext(request, response);
}
}
Of course, all of the implementations of all of the "My*" classes are left
to the reader :-).
>
> John
>
> > -----Original Message-----
> > From: Shapira, Yoav [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 20, 2003 3:23 PM
> > To: Tomcat Users List
> > Subject: RE: Form based security and "Remember Me"
> >
> >
> >
> > Howdy,
> > I'm not doing this, and I'm one of those people who cleans
> > their cache every time their browser is closed (12Ghosts auto
> > wash is among the greatest tools I've ever seen for any
> > computing purpose, ever), so Remember Me functionality
> > doesn't typically work for me, but...
> >
> > >Is anyone doing this at all? And if so how?
> >
> > Assuming remember me is a checkbox, e.g.
> > <input type="checkbox" name="rememberUser">Remember Me</input>
> >
> > Then something like:
> > String rememberUserString = request.getParameter("rememeberUser");
> > if((rememebrUserString != null) &&
> > (rememeberUserString.equalsIgnoreCase("true")) {
> > // Create cookie
> > Cookie userInfoCookie = new Cookie(...);
> > response.addCookie(userInfoCookie);
> > }
> >
> > Then other pages in the app attempt to retrieve the cookie (using
> > request.getCookies() and iterating through the cookies. You
> > can retrieve the information in a fairly cross-browser,
> > server-independent way.
> >
> > You can also set attributes in the session
> > (HttpSession.setAttribute("myUserName", username) or
> > whatever) or do it in many other ways.
> >
> > Yoav Shapira
> > Millennium ChemInformatics
> >
> >
> >
> >
> > This e-mail, including any attachments, is a confidential
> > business communication, and may contain information that is
> > confidential, proprietary and/or privileged. This e-mail is
> > intended only for the individual(s) to whom it is addressed,
> > and may not be saved, copied, printed, disclosed or used by
> > anyone else. If you are not the(an) intended recipient,
> > please immediately delete this e-mail from your computer
> > system and notify the sender. Thank you.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
