Thanks, this is what I am looking for :) (almost, I think so)

but I still think that: "j2ee security is a set of patches to solve in each application"

where are the patterns?
where is real life?

thanks again Hermod

Luis

2006/1/30, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
> Hi
>
> Take a look at SecurityFilter. With that you get exactly what you are
> looking for.
>
> Hermod
>
> -----Original Message-----
> From: Luis Gervaso [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 30, 2006 11:29 AM
> To: Struts Users Mailing List; Tomcat Users List
> Subject: Re: Authentication crisis
>
> the real problem is that we can't do anything before or after
> authentication
>
> using a filter solves this problem with url pattern j_security_check
>
> but this is avoided because this authentication method "must be" equal to
> basic authentication?
>
> this makes real authentication scenarios where we need to create a user
> session with application data an authentic hell, advantages with
> container-based applications turn back to 0 and we need to implement a
> custom authenticator, what I see: a real subproject because security
> concerns are very important
>
> ok, this is code of the application, but the Tomcat architecture avoids us
> (the application programmers use the api of authentication in order to use
> these type of methods) because these jars are in the server/lib folder
>
> as you can see I'm very frustrated with this,
>
> ok this is J2EE?
>
> this is simple?
>
> kindest regards
>
> 2006/1/30, Luis Gervaso <[EMAIL PROTECTED]>:
> >
> > yes there is an entry in web.xml - security-constraint
> >
> > and the user is authenticated using doPost() method of LoginServlet
> >
> > regards
> >
> > 2006/1/30, deepak <[EMAIL PROTECTED]>:
> > >
> > > It seems that the request.getUserPrincipal() will return non-null value
> > > only when you request the protected resource secured by
> > > <security-constraint> in web.xml even if the user sent the request has
> > > been authenticated.
> > >
> > > ----- Original Message -----
> > > From: "Luis Gervaso" <[EMAIL PROTECTED]>
> > > To: "Struts Users Mailing List" <user@struts.apache.org>; "Tomcat Users
> > > List" <users@tomcat.apache.org>
> > > Sent: Saturday, January 28, 2006 2:18 AM
> > > Subject: Authentication crisis
> > >
> > > Hello
> > >
> > > I need to know how to put the subject information returned by lc.login()
> > > in the webapp context in order to invoke getUserPrincipal and not
> > > return null
> > >
> > > LoginServlet.java
> > >
> > > protected void doPost(HttpServletRequest req, HttpServletResponse res)
> > >         throws ServletException, IOException {
> > >
> > >     String username = req.getParameter("j_username");
> > >     String password = req.getParameter("j_password");
> > >     String host = req.getHeader("Host");
> > >     MyCallbackHandler cbh = new MyCallbackHandler(username,password,host);
> > >     try {
> > >         LoginContext lc = new LoginContext("websecure",cbh);
> > >         lc.login();
> > >         Subject s = lc.getSubject();
> > >         log.info(s.getPrincipals().toString());
> > >         ses.setAttribute("authcs.subject",lc.getSubject());
> > >         //log.info(req.getUserPrincipal().getName());
> > >         RequestDispatcher rd = req.getRequestDispatcher("test.jsp");
> > >         rd.forward(req,res);
> > >
> > >     } catch (LoginException e) {
> > >         e.printStackTrace();
> > >         //log.warning(e.getMessage());
> > >     }
> > > }
> > >
> > > source: test.jsp
> > > <%
> > >     out.println("User: " + request.getParameter("user") + "<br>");
> > >     out.println("Pass (clear): " + request.getParameter("pass") + "<br>");
> > >     out.println("User Principal: " + request.getUserPrincipal() + "<br>");
> > >     out.println("Remote User: " + request.getRemoteUser());
> > > %>
> > >
> > > output : test.jsp
> > > User: null
> > > Pass (clear): null
> > > User Principal: null
> > > Remote User: null
> > >
> > > --
> > > Regards
> >
> > --
> > Regards
>
> --
> Regards

--
Regards
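
An added example, not part of the original thread and not SecurityFilter's own code: one way to make `getUserPrincipal()` return the JAAS identity is a servlet filter that wraps each request. It assumes the `authcs.subject` session attribute set by the LoginServlet quoted above and the `javax.servlet` API of that era; the class name `SubjectPrincipalFilter` is hypothetical.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: exposes the JAAS Subject stored by LoginServlet
// (session attribute "authcs.subject") through the standard request API.
public class SubjectPrincipalFilter implements Filter {
    static final String SUBJECT_ATTR = "authcs.subject"; // name used in the thread

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession ses = req.getSession(false);   // never create a session here
        Object o = (ses == null) ? null : ses.getAttribute(SUBJECT_ATTR);
        if (o instanceof Subject) {
            chain.doFilter(new SubjectRequest(req, (Subject) o), rs);
        } else {
            chain.doFilter(rq, rs);                // unauthenticated: pass through
        }
    }

    static final class SubjectRequest extends HttpServletRequestWrapper {
        private final Principal user;

        SubjectRequest(HttpServletRequest req, Subject subject) {
            super(req);
            // Assumption: the first principal is the user identity; a LoginModule
            // that also adds role principals needs a type check here.
            Iterator<Principal> it = subject.getPrincipals().iterator();
            this.user = it.hasNext() ? it.next() : null;
        }

        @Override public Principal getUserPrincipal() {
            // Prefer a container-established identity when one exists.
            Principal p = super.getUserPrincipal();
            return (p != null) ? p : user;
        }

        @Override public String getRemoteUser() {
            Principal p = getUserPrincipal();
            return (p == null) ? null : p.getName();
        }
    }
}
```

The wrapper only changes what application code behind the filter sees; the container's `<security-constraint>` checks run before any filter and do not consult it, so access decisions for those URLs must still be enforced by the application or by container-managed login.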