From: Tony S. <to...@ci...> - 2005-06-27 15:05:09
|
Hi Jacque, Not sure if this will help, but I had to do much the same kind of thing and ended up slightly modifying the Jetty JAAS LoginModule to create and initialise a security Principal with the information I needed. The servlet could retrieve the Principal from the request using: System.out.println("USER : " + request.getRemoteUser()); System.out.println("PRINCIPAL: " + request.getUserPrincipal()); MyPrincipal principal = (MyPrincipal) request.getUserPrincipal(); With Greg's new patch for Expect-Continue (yay!) you could then return 'not authenticated' from the servlet - though *really* you should be doing that in the LoginModule, since that's what its there for. Regards Tony -----Original Message----- From: jet...@li... [mailto:jet...@li...] On Behalf Of te...@ja... Sent: 27 June 2005 15:48 To: jet...@li... Subject: Re: [Jetty-support] Re: Authenticating a user from a servlet Thanks for pointing me in the right direction. However, I can't seem to make this work. The request is first handled by a filter which wraps the request into one with j_username and j_password added as parameters and "j_security_check" added into the URL. This modified request is then being processed by the servlet, but when a jSecurityCheck is performed, Jetty ignores the added parameters. I can see that Jetty is performing this check based on org.mortbay.http.HttpRequest which seems to be formed before the changes are made to the javax.servlet.http.HttpServletRequest wrapper in the filter. So, even though I'm inserting the security check data, Jetty ignores it and I'm presented with the login screen. Is there any way around this? Many thanks On Wed, 22 Jun 2005 16:49:19 +0200, "Greg Wilkins" <gr...@mo...> said: > > Unfortunately there is no support in the servlet spec for programatically > authenticating a user. > > But if you use form authentication, Jetty does support a dispatch to > j_security_check in order to fudge this. > > regards > > > te...@ja... wrote: > > I am very new to servlets and Jetty, so please pardon my ignorance. > > > > I am trying to implement a servlet which is a single point of entry for > > a special app that accesses our system. The servlet checks a few things > > and if all is fine authenticates a predefined user (created just for > > this external app), creates a session and redirects the user to other > > pages. > > > > Now, I have most of the stuff working, except for the authentication. > > So, my question is how can I programatically authenticate a user > > (providing user/pass from the servlet) and associate a session with this > > user? > > > > I can see that I could call authenticate() from the UserRealm interface, > > but I'm having a problem how to get this object in my HttpServlet > > implementation. > > > > I'm using Jetty withing JBoss. > > > > Many thanks for your help! > > > > > > ------------------------------------------------------- > > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > > from IBM. Find simple to follow Roadmaps, straightforward articles, > > informative Webcasts and more! Get everything you need to get up to > > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > > _______________________________________________ > > Jetty-support mailing list > > Jet...@li... > > https://lists.sourceforge.net/lists/listinfo/jetty-support > > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: Discover Easy Linux Migration Strategies > from IBM. Find simple to follow Roadmaps, straightforward articles, > informative Webcasts and more! Get everything you need to get up to > speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click > _______________________________________________ > Jetty-support mailing list > Jet...@li... > https://lists.sourceforge.net/lists/listinfo/jetty-support ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Jetty-support mailing list Jet...@li... https://lists.sourceforge.net/lists/listinfo/jetty-support |