On Dec 29, 2006, at 9:17 PM, [EMAIL PROTECTED] wrote:
Hi All, Thanks for the previous help. I was able to successfully
create a JDBC Realm using MySQL, construct a small test app, and
deploy
it to geronimo. I had a few issues with my geronimo-web.xml, but
eventually figured it out:)
I have a few additional questions which are more development than
container related.
1. How would one programmatically authenticate a user within a Realm?
For instance, if one had a main menu logon page and wanted to
programmatically authenticate the user so that later traversal into a
realm protected resource would not require an additional
authentication
dialog from the containers declarative security.
I don't see why you'd call this programmatic authentication.
Jetspeed 2 has something like this. There's a portlet on a tab that
you can choose at any time to use to login, and after you do you get
to see all the secured portles as well as unsecured ones. I'm not
sure I understand completely how it works, but last year I got it
working in geronimo.
You can browse the servlets here:
https://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/components/
portal/src/java/org/apache/jetspeed/login
and the web.xml here:
https://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/src/webapp/
WEB-INF/web.xml
My impression is that all you need to do is provide a link to a
secured resource and set up the form login stuff so you will get
logged in on the way there. However I might not be understanding
exactly what you are trying to do.
2. Does anyone have a methodology to succesfully integrated httpd
server
and geronimo server authentication? mod_auth_mysql can be used in the
httpd server with the same database of users and roles that are
utilized in a JDBC Security Realm. Can the mod_jk be configured in
any
manner to pass through user identities that have been authenticated in
the httpd server? Will the httpd server place the user id and role
information in the http metadata to be extracted progamatically and
utilized by the answer to Q1?
This I really don't know about :-) However from my limited
understanding of the jetspeed stuff I think it might be possible to
have httpd include the username and password as http headers and have
one of those servlets fish them out and use them to authenticate.
You kind of have a question here as to whether you want your j2ee web
server to trust the authentication done by httpd or whether you want
both to authenticate, just using the same credentials. I'd lean
towards the second.... but I also have to ask why you want httpd to
authenticate at all.
Not sure if this is likely to help or not /-)
david jencks
Just a few musings on single sign-on:)
Thanks to all in advance!
Mark Aufdencamp
[EMAIL PROTECTED]
