Re: HELP!!! - Using UserManagers - Logging in users without asking for credentials
Thanxs for the hint. I could also think of a more portable solution to this problem. If it is just to provide single sign-on, I would, from within the client-servlet, first access any page known to be form-based login-proteced and reply with a post containing j_username and j_password. Store the session cookie in your servlet. Ignore the response. Then it now comes to access the protected resource, rather than packaging user-credentials into the request just set the cookie in the http-header and You are done. This has the added benefit that Your servlet may login over https while accessing the protected resource over faster http. And it works with any J2EE server. Bye, Falk - Original Message - Subject: RE: HELP!!! - Using UserManagers - Logging in users without asking for credentials You want to use the RoleManager: Context ctx = new InitialContext(); RoleManager roleMan = (RoleManager)ctx.lookup("java:comp/RoleManager"); try { roleMan.login(memberName, password); } catch (SecurityException ex) { return false; } return true; -Original Message- From: Chris Evans [mailto:[EMAIL PROTECTED]] servlet accept requests from another website. Balled up in that request would be user credentials(ie: username, password, etc...). From the
RE: HELP!!! - Using UserManagers - Logging in users without asking for credentials
You want to use the RoleManager: Context ctx = new InitialContext(); RoleManager roleMan = (RoleManager)ctx.lookup("java:comp/RoleManager"); try { roleMan.login(memberName, password); } catch (SecurityException ex) { return false; } return true; -Original Message- From: Chris Evans [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 25, 2001 3:49 PM To: Orion-Interest Subject: HELP!!! - Using UserManagers - Logging in users without asking for credentials Hey, I've tried everything that I can think of without any proper documentation/examples to go by. What i'm trying to do is have a servlet accept requests from another website. Balled up in that request would be user credentials(ie: username, password, etc...). From the request I want to log in that user to my application without them knowing they have switched sites. I thought EJBManager was the way to go but without any real documentation i'm at a loss as to how to go about doing this. Right now we use DataSourceUserManager and form-based login to accept the users info and that works fine. Does anybody have any idea/examples on how to do this??? I've tried changing the user-manager in orion-application.xml to "com.evermind.ejb.EJBManager" but I can't figure out how to use/see it in a servlet to be able to do lookups on the DB. Thanks, Chris Evans Canlink Interactive Technologies