On Mar 19, 2009, at 8:30 PM, Jeff Schnitzer wrote:
> The problem is, j2ee automatic authentication is nearly useless.
Correct.
> It doesn't allow for autologin cookies nor does it allow me to sign up
> new users - they would have to then log in again. It blows my mind
> that a decade later the servlet spec hasn't addressed these simple
> needs.
Yep. Almost as bizarre as not having multipart/mime (upload) support.
Resin 4.0 has refactored Resin's login/authentication (because our old
model really didn't make much sense.)
The new Login handles servlet/http interaction and the Authenticator
handles pure user/credentials (the old model mixed the two concepts
into the old ServletAuthenticator.) So, the capabilities you're
looking for would be added to a Login class. I don't know if you're
looking for customizing the Login, or if you want a more general
capability in our AbstractLogin.
Since the new configuration uses Java DI, your application can grab
the login. The configuration looks like:
<sec:BasicLogin/>
And then you could use
@Current AbstractLogin _login;
Or
@Current BasicLogin _login;
(At present, the Login interface itself wouldn't be useful from a
programmatic standpoint, while we could add methods to AbstractLogin.)
-- Scott
>
>
> I need a way, in my web app, to programmatically say to the container
> "authenticate as this user/pass". Then these credentials will be used
> for further calls into the EJB tier or for responding to
> HttpServletRequest.isUserInRole() calls. Of course at the SPI level
> these will end up calling into my Resin Authenticator.
>
> This is a pretty common problem, there must be a Resin way to do it.
> In JBoss5, it looks like this:
>
> SecurityClient securityClient =
> SecurityClientFactory.getSecurityClient();
> securityClient.setSimple("user", "password");
> securityClient.login();
>
> Thanks,
> Jeff
>
> On Thu, Mar 19, 2009 at 7:38 PM, Aaron Freeman <aaron.free...@layerz.com
> > wrote:
>>
>>> #2 is still a mystery to me. I'm in a servlet, how do I
>>> programmatically tell the container to "log me in" with a username
>>> and
>>> password?
>>>
>> This page has a good overview of how to do it:
>>
>> http://www.informit.com/articles/article.aspx?p=24253&seqNum=7
>>
>> So you set up your security constraints in your resin.xml and
>> reference
>> a custom authenticator inside the login-config. The create your
>> custom
>> authenticator by AbstractAuthenticator.
>>
>> Note the code in the example is referencing:
>> com.caucho.server.http.AbstractAuthenticator but I think you want to
>> extend com.caucho.server.AbstractAuthenticator instead, as I think
>> the
>> .http. version is deprecated.
>>
>> - Aaron
>>
>>
>> _______________________________________________
>> resin-interest mailing list
>> resin-interest@caucho.com
>> http://maillist.caucho.com/mailman/listinfo/resin-interest
>>
>
>
> _______________________________________________
> resin-interest mailing list
> resin-interest@caucho.com
> http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
