Re: AUTHENTICATE question with WEBDAV.
Thanks, Bill . In BasicAuthenticator.java , the authenticate() method gets the username and password by calling : String authorization = request.getAuthorization(); which gets the value from the authorization request header, which is the value to be base 64 encoded of username and password. My goal is to set this request with the correct authorization header so that I can bypass the Login dialog if the username and password are already got before the request (before the user enters http:///webdav to run the webdav servlet). I have no clue how to do this ... What's the purpose of a VALVE class ? Thanks. Bill Barker [EMAIL PROTECTED] wrote: The simplest solution is to enable the SingleSignOnValve. This allows any login to any Context to be passes to any other Context. If this doesn't meet your needs, then you can: 1) Write a custom Valve to pickup the User. 2) Write a custom Authenticator that knows how to pickup the User. Dinh, Chinh wrote in message news:[EMAIL PROTECTED] I have a question about WEBDAV and How authenticate works. If i have this in web.xml BASIC MyCustomRealm It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Re: AUTHENTICATE question with WEBDAV.
A Valve is similar to a Filter, except that it is specific to Tomcat. The reason to use a Valve here (instead of a Filter) is that Authentication happens before any of the Filters get a chance to be called. However Valves get called before Authentication, so you still have a chance to change things. So leaving out the hard parts, you would have something like: public class MySingleSignonValve implements Valve { public MySingleSignonValve() { } public String getInfo() { return MySingleSignonValve/1.0; } public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { String userName = getUserName(request); // Your implementation if( userName != null ) { String userPass = getUserPass(request, userName); // Your implementation String creds = userName + : + userPass; String b64Creds = new String(Base64.encode(creds.getBytes())); request.setAuthorization(b64Creds); // Probably redundant, but can't hurt request.addHeader(Authorization,Basic + b64Creds); } context.invokeNext(request, response); } // Your methods here } The tricky part is to figure out if the user has logged on before (which is left as an exercise for the reader :). Tomcat's SingleSignOnValve is a good place to look for ideas. Also, for a real-world Valve, you would probably want to extend ValveBase instead of implementing Valve (although the latter will work). The gain is LifeCycle support. Dinh, Chinh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks, Bill . In BasicAuthenticator.java , the authenticate() method gets the username and password by calling : String authorization = request.getAuthorization(); which gets the value from the authorization request header, which is the value to be base 64 encoded of username and password. My goal is to set this request with the correct authorization header so that I can bypass the Login dialog if the username and password are already got before the request (before the user enters http:///webdav to run the webdav servlet). I have no clue how to do this ... What's the purpose of a VALVE class ? Thanks. Bill Barker [EMAIL PROTECTED] wrote: The simplest solution is to enable the SingleSignOnValve. This allows any login to any Context to be passes to any other Context. If this doesn't meet your needs, then you can: 1) Write a custom Valve to pickup the User. 2) Write a custom Authenticator that knows how to pickup the User. Dinh, Chinh wrote in message news:[EMAIL PROTECTED] I have a question about WEBDAV and How authenticate works. If i have this in web.xml BASIC MyCustomRealm It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AUTHENTICATE question with WEBDAV.
I have a question about WEBDAV and How authenticate works. If i have this in web.xml login-config auth-methodBASIC/auth-method realm-nameMyCustomRealm/realm-name /login-config It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Re: AUTHENTICATE question with WEBDAV.
The simplest solution is to enable the SingleSignOnValve. This allows any login to any Context to be passes to any other Context. If this doesn't meet your needs, then you can: 1) Write a custom Valve to pickup the User. 2) Write a custom Authenticator that knows how to pickup the User. Dinh, Chinh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a question about WEBDAV and How authenticate works. If i have this in web.xml login-config auth-methodBASIC/auth-method realm-nameMyCustomRealm/realm-name /login-config It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]