Re: HELP!!! - Using UserManagers - Logging in users without asking for credentials
Thanxs for the hint.
I could also think of a more portable solution to this problem.
If it is just to provide single sign-on, I would, from within the
client-servlet, first access any page known to be form-based login-proteced
and reply with a post containing j_username and j_password. Store the
session cookie in your servlet. Ignore the response.
Then it now comes to access the protected resource, rather than packaging
user-credentials into the request just set the cookie in the http-header and
You are done.
This has the added benefit that Your servlet may login over https while
accessing the protected resource over faster http. And it works with any
J2EE server.
Bye,
Falk
- Original Message -
Subject: RE: HELP!!! - Using UserManagers - Logging in users without asking
for credentials
You want to use the RoleManager:
Context ctx = new InitialContext();
RoleManager roleMan =
(RoleManager)ctx.lookup("java:comp/RoleManager");
try
{
roleMan.login(memberName, password);
}
catch (SecurityException ex)
{
return false;
}
return true;
-Original Message-
From: Chris Evans [mailto:[EMAIL PROTECTED]]
servlet accept requests from another website. Balled up in that request
would be user credentials(ie: username, password, etc...). From the
RE: HELP!!! - Using UserManagers - Logging in users without asking for credentials
You want to use the RoleManager:
Context ctx = new InitialContext();
RoleManager roleMan =
(RoleManager)ctx.lookup("java:comp/RoleManager");
try
{
roleMan.login(memberName, password);
}
catch (SecurityException ex)
{
return false;
}
return true;
-Original Message-
From: Chris Evans [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 25, 2001 3:49 PM
To: Orion-Interest
Subject: HELP!!! - Using UserManagers - Logging in users without asking
for credentials
Hey,
I've tried everything that I can think of without any proper
documentation/examples to go by. What i'm trying to do is have a
servlet accept requests from another website. Balled up in that request
would be user credentials(ie: username, password, etc...). From the
request I want to log in that user to my application without them
knowing they have switched sites. I thought EJBManager was the way to
go but without any real documentation i'm at a loss as to how to go
about doing this. Right now we use DataSourceUserManager and form-based
login to accept the users info and that works fine.
Does anybody have any idea/examples on how to do this???
I've tried changing the user-manager in orion-application.xml to
"com.evermind.ejb.EJBManager" but I can't figure out how to use/see it
in a servlet to be able to do lookups on the DB.
Thanks,
Chris Evans
Canlink Interactive Technologies
