Re: Getting User Password from Subject

Tue, 19 Apr 2011 01:09:21 -0700 

Since i need to do it in servlet here how i tried:

Engine engine = Jetspeed.getEngine();
UserManager userManager =
(UserManager)engine.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager");

Similalry i got AuthenticationProvider and then used its method
Authenticate. Passed username and entered password to authenticate. This way
if password is correct user is authenticated thus password re-validation
successfull..

Is it correct way to do? Though if i have decoded password in session it
will more efficient to check instead of calling J2 services to authenticate.

Thanks


On Tue, Apr 19, 2011 at 11:37 AM, anyz <[email protected]> wrote:

> Thanks it worked. But it returns encoded password. Actually there is
> scenario when i ask user for his passowrd before performing certain action.
> I plan to store the current user password at logon time in session and later
> when ever re-validation is required just  match the entered password with
> one in session.
>
> For this either i need to decode password found through PasswordCredential
> or i have to encode palin password entered by user.
>
> Thanks
>
>
> On Mon, Apr 18, 2011 at 8:36 PM, Woonsan Ko <[email protected]> wrote:
>
>> You can use the following instead:
>> org.apache.jetspeed.security.UserManager#getPasswordCredential(User user);
>> org.apache.jetspeed.security.UserManager#getUser(String userName);
>>
>> Woonsan
>>
>> --- On Mon, 4/18/11, anyz <[email protected]> wrote:
>>
>> > From: anyz <[email protected]>
>> > Subject: Getting User Password from Subject
>> > To: "Jetspeed Users List" <[email protected]>
>> > Date: Monday, April 18, 2011, 9:18 AM
>>  > I need to get user password from
>> > javax.security.auth.Subject and set in
>> > session. I noted we can use
>> > SecurityHelper.getPasswordCredential().getPassword() for
>> > this. However its
>> > not available in jetspeed-security-2.2.1 version that i
>> > think is appropriate
>> > version to use with Jetspeed 2.2.1.
>> >
>> > Is SecurityHelper moved some where else or is there other
>> > way to go. I could
>> > not find out.
>> >
>> > Thanks
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>

Reply via email to