RE: API for authenticating user
As I told in this thread before, what I want to do is authenticating users as soon as they register themselves. Currently new users have to (1) visit subscribing page to subscribe and then (2) visit login page and input user name and password again. I want to avoid (2) step for new users. And I found the Tomcat API that seems to be used to memorize user principal into session. But I faced class loader problem. And yes, I agree with Justin, I don't want to move catalina.jar from server/lib to common/lib. So, now to solve this, I tried next option, that is, I tried RequestDispatcher.include() method in order to call j_security_check action as follows (in my struts action): // prior to the follwowing code, username, password and // role have been successfully saved into JDBCRealm RequestDispatcher dispatcher = getServlet().getServletContext().getRequestDispatcher( /j_security_check ); request.setAttribute( j_username, username ); request.setAttribute( j_password, password ); dispatcher.include( request, response ); But this didn't solve the issue. After registering user and running the above code, users who try to visit secured page forced to move to login form and are asked to input username and password. What am I wrong? regards, Koji -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Friday, May 28, 2004 12:35 PM To: Tomcat Users List Subject: RE: API for authenticating user Koji, (1) Make sure you understand the implications of directly using any of Tomcat's internal classes (such as o.a.coyote.tomcat5.CoyoteRequest) -- especially to circumvent intended security. It is rarely advisable. If you still want to use it, move the class and/or jar into the $TOMCAT_HOME/common/classes or $TOMCAT_HOME/common/lib directory. It will be accessible to both Tomcat and your webapps in this case. Repeat (1). justin At 08:15 PM 5/27/2004, you wrote: Hi again, I found org.apache.coyote.tomcat5.CoyoteRequest class has a method setUserPrincipal which seems to be used to memorize authenticated user's principal into session. So I think I can call this method to authenticate users as soon as they register. But at runtime, when a user register himself and a regiter program (struts action) trys to call the method, the following exception occured: java.lang.NoClassDefFoundError: org/apache/coyote/tomcat5/CoyoteRequest sample.action.SubscribeAction.execute(SubscribeAction.java:34) org.apache.struts.action.RequestProcessor.processActionPerform(Re questProces sor.java:484) org.apache.struts.action.RequestProcessor.process(RequestProcesso r.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) This is because of Tomcat class loader problem. The Tomcat document says, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html Catalina - This class loader is initialized to include all classes and resources required to implement Tomcat 5 itself. These classes and resources are TOTALLY invisible to web applications. So, I think I cannot call CoyoteRequest.setUserPrincipal(). Any idears? regards, Koji -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:58 AM To: Tomcat Users List Subject: RE: API for authenticating user Redirecting to j_security_check is a nice idea. Yes, I know Servlet specification doesn't have such API. But Tomcat must implement a mechanism that associates user principal with http session so that servlets can get user principal by calling HttpServletRequest.getUserPrincipal(). So I'll check Tomcat implementation of the API (getUserPrincipal()) to see how Tomcat memorizes user principal. Koji -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt On May 25, 2004, at 7:51 PM, Koji Sekiguchi wrote: Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE
RE: API for authenticating user
I also tried: String url = /j_security_check + ? + j_username + = + username + + j_password + = + password; RequestDispatcher dispatcher = getServlet().getServletContext().getRequestDispatcher( url ); dispatcher.include( request, response ); but this doesn't work, too. Please help. Koji -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: Friday, May 28, 2004 3:15 PM To: Tomcat Users List Subject: RE: API for authenticating user As I told in this thread before, what I want to do is authenticating users as soon as they register themselves. Currently new users have to (1) visit subscribing page to subscribe and then (2) visit login page and input user name and password again. I want to avoid (2) step for new users. And I found the Tomcat API that seems to be used to memorize user principal into session. But I faced class loader problem. And yes, I agree with Justin, I don't want to move catalina.jar from server/lib to common/lib. So, now to solve this, I tried next option, that is, I tried RequestDispatcher.include() method in order to call j_security_check action as follows (in my struts action): // prior to the follwowing code, username, password and // role have been successfully saved into JDBCRealm RequestDispatcher dispatcher = getServlet().getServletContext().getRequestDispatcher( /j_security_check ); request.setAttribute( j_username, username ); request.setAttribute( j_password, password ); dispatcher.include( request, response ); But this didn't solve the issue. After registering user and running the above code, users who try to visit secured page forced to move to login form and are asked to input username and password. What am I wrong? regards, Koji -Original Message- From: Justin Ruthenbeck [mailto:[EMAIL PROTECTED] Sent: Friday, May 28, 2004 12:35 PM To: Tomcat Users List Subject: RE: API for authenticating user Koji, (1) Make sure you understand the implications of directly using any of Tomcat's internal classes (such as o.a.coyote.tomcat5.CoyoteRequest) -- especially to circumvent intended security. It is rarely advisable. If you still want to use it, move the class and/or jar into the $TOMCAT_HOME/common/classes or $TOMCAT_HOME/common/lib directory. It will be accessible to both Tomcat and your webapps in this case. Repeat (1). justin At 08:15 PM 5/27/2004, you wrote: Hi again, I found org.apache.coyote.tomcat5.CoyoteRequest class has a method setUserPrincipal which seems to be used to memorize authenticated user's principal into session. So I think I can call this method to authenticate users as soon as they register. But at runtime, when a user register himself and a regiter program (struts action) trys to call the method, the following exception occured: java.lang.NoClassDefFoundError: org/apache/coyote/tomcat5/CoyoteRequest sample.action.SubscribeAction.execute(SubscribeAction.java:34) org.apache.struts.action.RequestProcessor.processActionPerform(Re questProces sor.java:484) org.apache.struts.action.RequestProcessor.process(RequestProcesso r.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) This is because of Tomcat class loader problem. The Tomcat document says, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html Catalina - This class loader is initialized to include all classes and resources required to implement Tomcat 5 itself. These classes and resources are TOTALLY invisible to web applications. So, I think I cannot call CoyoteRequest.setUserPrincipal(). Any idears? regards, Koji -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:58 AM To: Tomcat Users List Subject: RE: API for authenticating user Redirecting to j_security_check is a nice idea. Yes, I know Servlet specification doesn't have such API. But Tomcat must implement a mechanism that associates user principal with http session so that servlets can get user principal by calling HttpServletRequest.getUserPrincipal(). So I'll check Tomcat implementation of the API (getUserPrincipal()) to see how Tomcat memorizes user principal. Koji -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container
RE: API for authenticating user
Hi again, I found org.apache.coyote.tomcat5.CoyoteRequest class has a method setUserPrincipal which seems to be used to memorize authenticated user's principal into session. So I think I can call this method to authenticate users as soon as they register. But at runtime, when a user register himself and a regiter program (struts action) trys to call the method, the following exception occured: java.lang.NoClassDefFoundError: org/apache/coyote/tomcat5/CoyoteRequest sample.action.SubscribeAction.execute(SubscribeAction.java:34) org.apache.struts.action.RequestProcessor.processActionPerform(RequestProces sor.java:484) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) This is because of Tomcat class loader problem. The Tomcat document says, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html Catalina - This class loader is initialized to include all classes and resources required to implement Tomcat 5 itself. These classes and resources are TOTALLY invisible to web applications. So, I think I cannot call CoyoteRequest.setUserPrincipal(). Any idears? regards, Koji -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:58 AM To: Tomcat Users List Subject: RE: API for authenticating user Redirecting to j_security_check is a nice idea. Yes, I know Servlet specification doesn't have such API. But Tomcat must implement a mechanism that associates user principal with http session so that servlets can get user principal by calling HttpServletRequest.getUserPrincipal(). So I'll check Tomcat implementation of the API (getUserPrincipal()) to see how Tomcat memorizes user principal. Koji -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt On May 25, 2004, at 7:51 PM, Koji Sekiguchi wrote: Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE: API for authenticating user I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands
RE: API for authenticating user
Koji, (1) Make sure you understand the implications of directly using any of Tomcat's internal classes (such as o.a.coyote.tomcat5.CoyoteRequest) -- especially to circumvent intended security. It is rarely advisable. If you still want to use it, move the class and/or jar into the $TOMCAT_HOME/common/classes or $TOMCAT_HOME/common/lib directory. It will be accessible to both Tomcat and your webapps in this case. Repeat (1). justin At 08:15 PM 5/27/2004, you wrote: Hi again, I found org.apache.coyote.tomcat5.CoyoteRequest class has a method setUserPrincipal which seems to be used to memorize authenticated user's principal into session. So I think I can call this method to authenticate users as soon as they register. But at runtime, when a user register himself and a regiter program (struts action) trys to call the method, the following exception occured: java.lang.NoClassDefFoundError: org/apache/coyote/tomcat5/CoyoteRequest sample.action.SubscribeAction.execute(SubscribeAction.java:34) org.apache.struts.action.RequestProcessor.processActionPerform(RequestProces sor.java:484) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) This is because of Tomcat class loader problem. The Tomcat document says, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html Catalina - This class loader is initialized to include all classes and resources required to implement Tomcat 5 itself. These classes and resources are TOTALLY invisible to web applications. So, I think I cannot call CoyoteRequest.setUserPrincipal(). Any idears? regards, Koji -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:58 AM To: Tomcat Users List Subject: RE: API for authenticating user Redirecting to j_security_check is a nice idea. Yes, I know Servlet specification doesn't have such API. But Tomcat must implement a mechanism that associates user principal with http session so that servlets can get user principal by calling HttpServletRequest.getUserPrincipal(). So I'll check Tomcat implementation of the API (getUserPrincipal()) to see how Tomcat memorizes user principal. Koji -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt On May 25, 2004, at 7:51 PM, Koji Sekiguchi wrote: Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE: API for authenticating user I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new
RE: API for authenticating user
Hi Matt, application under your link is not running. Lipi -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 4:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: API for authenticating user
Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: API for authenticating user
I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: API for authenticating user
Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE: API for authenticating user I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: API for authenticating user
Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt On May 25, 2004, at 7:51 PM, Koji Sekiguchi wrote: Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE: API for authenticating user I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: API for authenticating user
Redirecting to j_security_check is a nice idea. Yes, I know Servlet specification doesn't have such API. But Tomcat must implement a mechanism that associates user principal with http session so that servlets can get user principal by calling HttpServletRequest.getUserPrincipal(). So I'll check Tomcat implementation of the API (getUserPrincipal()) to see how Tomcat memorizes user principal. Koji -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt On May 25, 2004, at 7:51 PM, Koji Sekiguchi wrote: Yes, my question was how to authenticate users as soon as they register. I think there must be API for it. Sorry for posting not clear question. Any ideas? Koji -Original Message- From: Patrick Willart [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 5:53 AM To: Tomcat Users List Subject: RE: API for authenticating user I believe Koji wants to authenticate users as soon as they register. I agree with him that it's kind of silly to have the user first fill out all his user profile information to register as a new user to the site, and then ask him to log on. It would be nice if one is able to log on the user automatically after registration. grts. Patrick -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:15 PM To: 'Tomcat Users List' Subject: RE: API for authenticating user Hi, Sorry, I might've misunderstood you. Are you saying that even after a user has loged in, they will still be prompted for log in information if they try to go to another page during the same sessions? That's weird..., because if you have your session set up right, tomcat will remember the subsequent requests from the same user. Or are you trying to remember the user for the following sessions as well? That would be platform-dependent since you will have to store user's information locally on the client side. Can you clarify your question? Thanks Yan -Original Message- From: Koji Sekiguchi [mailto:[EMAIL PROTECTED] Sent: May 23, 2004 21:14 To: [EMAIL PROTECTED] Subject: API for authenticating user Hi, I'd like to know how to authenticate a new user when he/she subscribe his/herself so that he/she can avoid login procedure. I've successfully set up Form Authentication and JDBC Realm on Tomcat 5.0.24. But now, new users must visit login page to authenticate themselves after subscribing. I'd like to reduce the login step for subscribers if session continues. I think I have to use a couple of Tomcat API and save principal information into the user session, right? regards, Koji - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
