On 4/7/06, Rohit Rai <[EMAIL PROTECTED]> wrote: > Thanks Aaron for the reply. > > By your reply I understand that I'll have to modify the server code itself. > But that is not possible.
No, not in the server code really. You need to make a custom JAAS LoginModule, which is part of a security realm. It would work with any app server supporting JAAS (and most of them do). I was suggesting you copy one of ours to start with since that would save you 95% of the code, but you could create one from scratch if you wanted to. > Am trying to find a work around in my application code. Well, for a strictly application solution, your application could hash the password before submitting it to the security realm, and then the security realm could contain the hashed passwords, so as far as the security realm was concerned the hashed passwords would be the "real" passwords, but your application would know better. I think I can dig up an example of this if you like (IIRC it uses form based login, and the form doesn't submit to j_security_check, but instead to a servlet that hashes the password and redirects with the username and hashed password to j_security_check). > Will keep you people updated. > > Will be glad to see it as a regular feature in Geronimo. > How do I join Geronimo Jira? Go to http://issues.apache.org/jira/secure/BrowseProject.jspa?id=10220 and click the "Log In" link and I believe the screen there has a link to sign up for an account. Thanks, Aaron