Re: how to set remoteuser
Hardik Shah wrote: hi we can get remoteuser using request.getremoteuser() but how we can set it? - One approach is to wrap the request object. Create a Filter, decorate the HttpServletRequest with one the implements setRemoteUser() and delegates all other methods to the original. When getRemoteUser is invoked it checks it's local value first and if not set delegate to the wrapped request object. Only your code needs to be aware of the special implementation in order to set the remote user. A proxy of HttpServletRequest that does the same thing may also be possible. Not sure... A better approach is to use the container's authentication as intended so the remoteUser is managed by it.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Jeromy Evans - Blue Sky Minds wrote: A better approach is to use the container's authentication as intended so the remoteUser is managed by it.. i think u are saying about jdbc realm for container's authentication! - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19175267.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
my first and last goal about that i want to maintain single sign on without storing user information in session i have also integrated hibernate with it ,can i use for achieve somthing like or not? - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19175306.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Hardik Shah wrote: Jeromy Evans - Blue Sky Minds wrote: A better approach is to use the container's authentication as intended so the remoteUser is managed by it.. i think u are saying about jdbc realm for container's authentication! Correct. It's not as bad as it first seems if you manage the entries in the two tables (for tomcat) yourself. Otherwise the next step is a third party library like Spring Security. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Jeromy Evans - Blue Sky Minds wrote: Correct. It's not as bad as it first seems if you manage the entries in the two tables (for tomcat) yourself. Otherwise the next step is a third party library like Spring Security. try to use jdbcrealm but when submit gives error like HTTP Status 400 - Invalid direct reference to form login page finding solution from 2 days ,even no good tutorial found for that ,i surprised why this topic not included in struts 2 tutorial - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19175390.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Hardik Shah wrote: my first and last goal about that i want to maintain single sign on without storing user information in session i have also integrated hibernate with it ,can i use for achieve somthing like or not? Do you mean single sign-on as in across multiple domains or webapps? If so, this will probably be container specific. If you mean a stateless authentication approach (ie. they sign in once, then each subsequent request includes the credentials so you don't have to maintain a session for them), then: - use HTTP basic (or digest) so the browser must authentic each request - this will need to be setup in your container - if you use a JDBC realm, then, with tomcat at least, you can allow tomcat to access the tables directly and use your own webapp to add/remove users in those tables. To avoid the terrible browser pop-up for credentials: - if the user has javascript, perform login via an asynchronous request; - if the user doesn't have javascript, allow the container to redirect them to a plain old J2EE login page When you have a HTTP server in front of your J2EE container it gets a little more complicated; I'm not too sure about that. This isn't as trivial as it should be. There may be a better approach. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Hardik Shah wrote: Jeromy Evans - Blue Sky Minds wrote: Correct. It's not as bad as it first seems if you manage the entries in the two tables (for tomcat) yourself. Otherwise the next step is a third party library like Spring Security. try to use jdbcrealm but when submit gives error like HTTP Status 400 - Invalid direct reference to form login page finding solution from 2 days ,even no good tutorial found for that ,i surprised why this topic not included in struts 2 tutorial Get it to work without a login page first. Just allow it to popup with the browser dialog and for the container to authenticate via JDBC. When that works, investigate how to configure you container to redirect to a login page. I suspect most users implement their own custom authentication strategy, which means the Principle isn't valid, or they use Spring Security. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Jeromy Evans - Blue Sky Minds wrote: Do you mean single sign-on as in across multiple domains or webapps? If so, this will probably be container specific. If you mean a stateless authentication approach (ie. they sign in once, then each subsequent request includes the credentials so you don't have to maintain a session for them), then: i want use If you mean a stateless authentication approach (ie. they sign in once, then each subsequent request includes the credentials so you don't have to maintain a session for them), this approach in single webapp thanks i should go with spring security ,but it works fine with s2? - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19175681.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Hardik Shah wrote: this approach in single webapp thanks i should go with spring security ,but it works fine with s2? \ Yes, others definitely use it with S2 and Spring. It takes substantial amount of effort to learn. You may have to ask for specific help about that after going through the tutorials. I don't use spring security myself as I mainly use Guice/Warp which requires a different solution. Spring Security/Acegi is much more common. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Jeromy Evans - Blue Sky Minds wrote: Yes, others definitely use it with S2 and Spring. It takes substantial amount of effort to learn. You may have to ask for specific help about that after going through the tutorials. yes you are right ,i have just seen that ,it might be took so much longer time Jeromy Evans - Blue Sky Minds wrote: I don't use spring security myself as I mainly use Guice/Warp which requires a different solution. Spring Security/Acegi is much more common. could you provide basic stuff or link for implementing Guice/Warp with s2 - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19177247.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
Hardik Shah wrote: could you provide basic stuff or link for implementing Guice/Warp with s2 - he he, that's also a major decision if you want to go down that path. I don't recommend jumping after whichever approach seems least effort (btw, your original approach to use a realm or not using the principal at all is least initial effort if you don't want to learn another framework). http://code.google.com/p/google-guice/ Guice includes a plugin for s2 in their downloads page. It is as simple to get started with as the spring plugin. Warp includes persistence module and a better servlet filter. http://www.wideplay.com/home You can't just switch from spring to guice to no DI. framework. You have to pick one and take the time to learn it I'm afraid :-). Learning J2EE's security, spring's security or guice+warp are time well spent. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to set remoteuser
yes :-) you are right ! i just confused bcoz showing various aspects :confused::confused: Jeromy Evans - Blue Sky Minds wrote: he he, that's also a major decision if you want to go down that path. I don't recommend jumping after whichever approach seems least effort (btw, your original approach to use a realm or not using the principal at all is least initial effort if you don't want to learn another framework). http://code.google.com/p/google-guice/ Guice includes a plugin for s2 in their downloads page. It is as simple to get started with as the spring plugin. Warp includes persistence module and a better servlet filter. http://www.wideplay.com/home You can't just switch from spring to guice to no DI. framework. You have to pick one and take the time to learn it I'm afraid :-). Learning J2EE's security, spring's security or guice+warp are time well spent. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19177755.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
how to set remoteuser
hi we can get remoteuser using request.getremoteuser() but how we can set it? - Java/J2EE developer India blogs http://hardik4u.wordpress.com wordpress blog -- View this message in context: http://www.nabble.com/how-to-set-remoteuser-tp19174978p19174978.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]