yeah thats right. So authenticating user is only way to go as described above. right? Thanks
On Tue, Apr 19, 2011 at 5:11 PM, Woonsan Ko <[email protected]> wrote: > > --- On Tue, 4/19/11, anyz <[email protected]> wrote: > > > From: anyz <[email protected]> > > Subject: Re: Getting User Password from Subject > > To: "Jetspeed Users List" <[email protected]> > > Date: Tuesday, April 19, 2011, 10:08 AM > > Since i need to do it in servlet here > > how i tried: > > > > Engine engine = Jetspeed.getEngine(); > > UserManager userManager = > > > (UserManager)engine.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager"); > > > > Similalry i got AuthenticationProvider and then used its > > method > > Authenticate. Passed username and entered password to > > authenticate. This way > > if password is correct user is authenticated thus password > > re-validation > > successfull.. > > > > Is it correct way to do? Though if i have decoded password > > in session it > > will more efficient to check instead of calling J2 services > > to authenticate. > > Passwords are stored by one-way hash encryption to keep those > well-protected (read encrypted). It's not possible to have decoded values > and not recommended to do so. > > Woonsan > > > > > Thanks > > > > > > On Tue, Apr 19, 2011 at 11:37 AM, anyz <[email protected]> > > wrote: > > > > > Thanks it worked. But it returns encoded password. > > Actually there is > > > scenario when i ask user for his passowrd before > > performing certain action. > > > I plan to store the current user password at logon > > time in session and later > > > when ever re-validation is required just match > > the entered password with > > > one in session. > > > > > > For this either i need to decode password found > > through PasswordCredential > > > or i have to encode palin password entered by user. > > > > > > Thanks > > > > > > > > > On Mon, Apr 18, 2011 at 8:36 PM, Woonsan Ko <[email protected]> > > wrote: > > > > > >> You can use the following instead: > > >> > > org.apache.jetspeed.security.UserManager#getPasswordCredential(User > > user); > > >> > > org.apache.jetspeed.security.UserManager#getUser(String > > userName); > > >> > > >> Woonsan > > >> > > >> --- On Mon, 4/18/11, anyz <[email protected]> > > wrote: > > >> > > >> > From: anyz <[email protected]> > > >> > Subject: Getting User Password from Subject > > >> > To: "Jetspeed Users List" <[email protected]> > > >> > Date: Monday, April 18, 2011, 9:18 AM > > >> > I need to get user password from > > >> > javax.security.auth.Subject and set in > > >> > session. I noted we can use > > >> > > > SecurityHelper.getPasswordCredential().getPassword() for > > >> > this. However its > > >> > not available in jetspeed-security-2.2.1 > > version that i > > >> > think is appropriate > > >> > version to use with Jetspeed 2.2.1. > > >> > > > >> > Is SecurityHelper moved some where else or is > > there other > > >> > way to go. I could > > >> > not find out. > > >> > > > >> > Thanks > > >> > > > >> > > >> > > --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: [email protected] > > >> For additional commands, e-mail: > [email protected] > > >> > > >> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
