RE: Customizing the web authentication service
Title: Customizing the web authentication service Sun specifically leaves security mapping to each vendor/platform. The only thing that's specified is roles, but how do they map really it's up to the vendor and more than often is platform dependant (especially with Windows Auth) HTH JP -Original Message-From: elephantwalker [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 11:49 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Ben, Sun has specified the way security should behave, but not the implementation. Each j2ee vendor has chosen a different method, so it is truly one pain in the "arse" (forgive my old english). Regards, Elephantwalker -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben WarnerSent: Monday, March 19, 2001 6:41 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.
RE: Customizing the web authentication service
Title: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.
RE: Customizing the web authentication service
Title: Customizing the web authentication service Ben, Sun has specified the way security should behave, but not the implementation. Each j2ee vendor has chosen a different method, so it is truly one pain in the "arse" (forgive my old english). Regards, Elephantwalker -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ben WarnerSent: Monday, March 19, 2001 6:41 PMTo: Orion-InterestSubject: RE: Customizing the web authentication service Thanks, my passwords in the database are encrypted by a one way hash algorithm so I don't think this DataSourceUserManager will do all that I want. I have found and read the thread on "Custom UserManager" in this list and have deciphered the hard truth that I will have to implement my own UserManager... RoleManager... User etc From this and other threads on similar topics I have also concluded that there is no J2EE standard for defining and using your own Authentication module. Is someone able to confirm this for me with certainty? regards, bw. -Original Message-From: Magnus Rydin [mailto:[EMAIL PROTECTED]]Sent: Monday, March 19, 2001 5:51 PMTo: Orion-InterestSubject: SV: Customizing the web authentication service Take a look at http://www.orionsupport.com/articles/datasourceusermanager.html WR -Ursprungligt meddelande-Från: Ben Warner [mailto:[EMAIL PROTECTED]]Skickat: den 18 mars 2001 20:00Till: Orion-InterestÄmne: Customizing the web authentication service Hi, I'm trying to do something simple but I'm frustrated by my lack of success in finding information about it. I have scoured the list, the web, J2EE doco and would appreciate any information that may help me. Thanks in advance. I'm running a J2EE application in orion using form based authentication. The problem is that users are authenticated by the webserver according to the contents of the principals.xml file for my application. In my application users (including username password) are stored in the database and I don't want to use the principals.xml file to store all my user logins. What I want is for the webserver to call my own custom authentication method to authenticate the user and let me decide if the login is valid or not and set the appropriate user principal in the session if it is valid. I'm sure this has been done a million times... I must be looking in the wrong places... Thanks again, bw.