RE: Customizing the web authentication service
Title: Customizing the web authentication service
Sun
specifically leaves security mapping to each vendor/platform. The only thing
that's specified is roles, but how do they map really it's up to the vendor and
more than often is platform dependant (especially with Windows Auth)
HTH
JP
-Original Message-From:
elephantwalker [mailto:[EMAIL PROTECTED]]Sent: Monday, March
19, 2001 11:49 PMTo: Orion-InterestSubject: RE:
Customizing the web authentication service
Ben,
Sun
has specified the way security should behave, but not the implementation. Each
j2ee vendor has chosen a different method, so it is truly one pain in the
"arse" (forgive my old english).
Regards,
Elephantwalker
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ben
WarnerSent: Monday, March 19, 2001 6:41 PMTo:
Orion-InterestSubject: RE: Customizing the web authentication
service
Thanks,
my passwords in
the database are encrypted by a one way hash algorithm so I don't think this
DataSourceUserManager will do all that I want.
I have found and
read the thread on "Custom UserManager" in this list and have deciphered the
hard truth that I will have to implement my own UserManager...
RoleManager... User etc
From this and
other threads on similar topics I have also concluded that there is no J2EE
standard for defining and using your own Authentication module. Is someone
able to confirm this for me with certainty?
regards,
bw.
-Original Message-From: Magnus Rydin
[mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001
5:51 PMTo: Orion-InterestSubject: SV: Customizing
the web authentication service
Take a look at
http://www.orionsupport.com/articles/datasourceusermanager.html
WR
-Ursprungligt meddelande-Från: Ben Warner
[mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001
20:00Till: Orion-InterestÄmne: Customizing the web
authentication service
Hi,
I'm trying to do something simple but I'm
frustrated by my lack of success in finding information about it. I have
scoured the list, the web, J2EE doco and would appreciate any
information that may help me. Thanks in advance.
I'm running a J2EE application in orion using
form based authentication. The problem is that users are authenticated
by the webserver according to the contents of the principals.xml file
for my application. In my application users (including username
password) are stored in the database and I don't want to use the
principals.xml file to store all my user logins.
What I want is for the webserver to call my
own custom authentication method to authenticate the user and let me
decide if the login is valid or not and set the appropriate user
principal in the session if it is valid. I'm sure this has been done a
million times... I must be looking in the wrong places...
Thanks again, bw.
RE: Customizing the web authentication service
Title: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.
RE: Customizing the web authentication service
Title: Customizing the web authentication service Ben, Sun has specified the way security should behave, but not the implementation. Each j2ee vendor has chosen a different method, so it is truly one pain in the "arse" (forgive my old english). Regards, Elephantwalker -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben WarnerSent: Monday, March 19, 2001 6:41 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.
