--- On Tue, 4/19/11, anyz <[email protected]> wrote: > From: anyz <[email protected]> > Subject: Re: Getting User Password from Subject > To: "Jetspeed Users List" <[email protected]> > Date: Tuesday, April 19, 2011, 2:51 PM > yeah thats right. So authenticating > user is only way to go as described > above. right?
Yes, I think that's the best so far. Woonsan > Thanks > > On Tue, Apr 19, 2011 at 5:11 PM, Woonsan Ko <[email protected]> > wrote: > > > > > --- On Tue, 4/19/11, anyz <[email protected]> > wrote: > > > > > From: anyz <[email protected]> > > > Subject: Re: Getting User Password from Subject > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Tuesday, April 19, 2011, 10:08 AM > > > Since i need to do it in servlet here > > > how i tried: > > > > > > Engine engine = Jetspeed.getEngine(); > > > UserManager userManager = > > > > > > (UserManager)engine.getComponentManager().getComponent("org.apache.jetspeed.security.UserManager"); > > > > > > Similalry i got AuthenticationProvider and then > used its > > > method > > > Authenticate. Passed username and entered > password to > > > authenticate. This way > > > if password is correct user is authenticated thus > password > > > re-validation > > > successfull.. > > > > > > Is it correct way to do? Though if i have decoded > password > > > in session it > > > will more efficient to check instead of calling > J2 services > > > to authenticate. > > > > Passwords are stored by one-way hash encryption to > keep those > > well-protected (read encrypted). It's not possible to > have decoded values > > and not recommended to do so. > > > > Woonsan > > > > > > > > Thanks > > > > > > > > > On Tue, Apr 19, 2011 at 11:37 AM, anyz <[email protected]> > > > wrote: > > > > > > > Thanks it worked. But it returns encoded > password. > > > Actually there is > > > > scenario when i ask user for his passowrd > before > > > performing certain action. > > > > I plan to store the current user password at > logon > > > time in session and later > > > > when ever re-validation is required > just match > > > the entered password with > > > > one in session. > > > > > > > > For this either i need to decode password > found > > > through PasswordCredential > > > > or i have to encode palin password entered > by user. > > > > > > > > Thanks > > > > > > > > > > > > On Mon, Apr 18, 2011 at 8:36 PM, Woonsan Ko > <[email protected]> > > > wrote: > > > > > > > >> You can use the following instead: > > > >> > > > > org.apache.jetspeed.security.UserManager#getPasswordCredential(User > > > user); > > > >> > > > > org.apache.jetspeed.security.UserManager#getUser(String > > > userName); > > > >> > > > >> Woonsan > > > >> > > > >> --- On Mon, 4/18/11, anyz <[email protected]> > > > wrote: > > > >> > > > >> > From: anyz <[email protected]> > > > >> > Subject: Getting User Password from > Subject > > > >> > To: "Jetspeed Users List" <[email protected]> > > > >> > Date: Monday, April 18, 2011, 9:18 > AM > > > >> > I need to get user password > from > > > >> > javax.security.auth.Subject and set > in > > > >> > session. I noted we can use > > > >> > > > > > SecurityHelper.getPasswordCredential().getPassword() for > > > >> > this. However its > > > >> > not available in > jetspeed-security-2.2.1 > > > version that i > > > >> > think is appropriate > > > >> > version to use with Jetspeed > 2.2.1. > > > >> > > > > >> > Is SecurityHelper moved some where > else or is > > > there other > > > >> > way to go. I could > > > >> > not find out. > > > >> > > > > >> > Thanks > > > >> > > > > >> > > > >> > > > > --------------------------------------------------------------------- > > > >> To unsubscribe, e-mail: [email protected] > > > >> For additional commands, e-mail: > > [email protected] > > > >> > > > >> > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
