Re: AUTHENTICATE question with WEBDAV.
Thanks, Bill . In BasicAuthenticator.java , the authenticate() method gets the username and password by calling : String authorization = request.getAuthorization(); which gets the value from the authorization request header, which is the value to be base 64 encoded of username and password. My goal is to set this request with the correct authorization header so that I can bypass the Login dialog if the username and password are already got before the request (before the user enters http:///webdav to run the webdav servlet). I have no clue how to do this ... What's the purpose of a VALVE class ? Thanks. Bill Barker [EMAIL PROTECTED] wrote: The simplest solution is to enable the SingleSignOnValve. This allows any login to any Context to be passes to any other Context. If this doesn't meet your needs, then you can: 1) Write a custom Valve to pickup the User. 2) Write a custom Authenticator that knows how to pickup the User. Dinh, Chinh wrote in message news:[EMAIL PROTECTED] I have a question about WEBDAV and How authenticate works. If i have this in web.xml BASIC MyCustomRealm It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Re: AUTHENTICATE question with WEBDAV.
A Valve is similar to a Filter, except that it is specific to Tomcat. The
reason to use a Valve here (instead of a Filter) is that Authentication
happens before any of the Filters get a chance to be called. However Valves
get called before Authentication, so you still have a chance to change
things. So leaving out the hard parts, you would have something like:
public class MySingleSignonValve implements Valve {
public MySingleSignonValve() {
}
public String getInfo() {
return MySingleSignonValve/1.0;
}
public void invoke(Request request, Response response, ValveContext
context)
throws IOException, ServletException {
String userName = getUserName(request); // Your implementation
if( userName != null ) {
String userPass = getUserPass(request, userName); // Your
implementation
String creds = userName + : + userPass;
String b64Creds = new String(Base64.encode(creds.getBytes()));
request.setAuthorization(b64Creds);
// Probably redundant, but can't hurt
request.addHeader(Authorization,Basic + b64Creds);
}
context.invokeNext(request, response);
}
// Your methods here
}
The tricky part is to figure out if the user has logged on before (which is
left as an exercise for the reader :). Tomcat's SingleSignOnValve is a good
place to look for ideas. Also, for a real-world Valve, you would probably
want to extend ValveBase instead of implementing Valve (although the latter
will work). The gain is LifeCycle support.
Dinh, Chinh [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks, Bill .
In BasicAuthenticator.java , the authenticate() method gets the username
and password by calling :
String authorization = request.getAuthorization();
which gets the value from the authorization request header, which is
the value to be base 64 encoded of username and password. My goal is to set
this request with the correct authorization header so that I can bypass
the Login dialog if the username and password are already got before the
request (before the user enters http:///webdav to run the webdav
servlet). I have no clue how to do this ... What's the purpose of a VALVE
class ? Thanks.
Bill Barker [EMAIL PROTECTED] wrote:
The simplest solution is to enable the SingleSignOnValve. This allows any
login to any Context to be passes to any other Context. If this doesn't
meet your needs, then you can:
1) Write a custom Valve to pickup the User.
2) Write a custom Authenticator that knows how to pickup the User.
Dinh, Chinh wrote in message
news:[EMAIL PROTECTED]
I have a question about WEBDAV and How authenticate works.
If i have this in web.xml
BASIC
MyCustomRealm
It will get an Popup Log in dialog, and it will invoke my realm's
authenticate() method, with username and password being entered by
the user.
However, I do not want the log in dialog to pop up in all cases.
There's a case that the user is already authenticated BEFORE he tries
to run the webdav servlet, and in this case, he wants to bypass the
log in dialog.
Do you know How to pass in the Authenticator class some information
so that it doesn't need to invoke the login dialog if the user is
already
authenticated ? What information would the authenticator need ?
Thanks.
- Chinh
-
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
AUTHENTICATE question with WEBDAV.
I have a question about WEBDAV and How authenticate works. If i have this in web.xml login-config auth-methodBASIC/auth-method realm-nameMyCustomRealm/realm-name /login-config It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Re: AUTHENTICATE question with WEBDAV.
The simplest solution is to enable the SingleSignOnValve. This allows any login to any Context to be passes to any other Context. If this doesn't meet your needs, then you can: 1) Write a custom Valve to pickup the User. 2) Write a custom Authenticator that knows how to pickup the User. Dinh, Chinh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a question about WEBDAV and How authenticate works. If i have this in web.xml login-config auth-methodBASIC/auth-method realm-nameMyCustomRealm/realm-name /login-config It will get an Popup Log in dialog, and it will invoke my realm's authenticate() method, with username and password being entered by the user. However, I do not want the log in dialog to pop up in all cases. There's a case that the user is already authenticated BEFORE he tries to run the webdav servlet, and in this case, he wants to bypass the log in dialog. Do you know How to pass in the Authenticator class some information so that it doesn't need to invoke the login dialog if the user is already authenticated ? What information would the authenticator need ? Thanks. - Chinh - Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
