This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
hi, i want to authentificate users by a servlet. i have an html-login and the user/password as a parameter. i know i can authentificate the user with http-request and headers, but i have to authentificate the user in this servlet. how can i do this, that the "request.getRemoteUser()" is not null, but my registred user ? is it possible to copy a sample-code ? thanks for help heiner
Authentication is covered fairly often in the Servlets forum, so I recommend a search first. You'll find threads like this one: http://www.coderanch.com/t/355825/Servlets/java/Authentication-getRemoteUser As I understand it, the difference is that you want the user to pass the credentials (ie username password) to a servlet and have the servlet log them into the servlet container's authentication method without using the usual mechanism. Application servers usually supply a separate way to achieve this, but it different in each server and I'm not aware of any way to do it in Tomcat. I had a quick look a while ago but got nowhere. From memory the class to use in WebSphere is SSOAuthenticator, no idea which package or jar it lives in, I'd have to go search. Hope this helps. Dave
Joined: Sep 10, 2002
thanks for reply. i'm using websphere 4 and i cannot find any class with "SSOAuthenticator". is it the same as "Authenticator" from the jdk ?
one separat question to workaround: can i initiate the pop-up-authentification of the browser with an error code replying from the servlet or something else ? thanks for help heiner
Check this: com.ibm.websphere.security.SSOAuthenticator If you want to use the 'pop-up' authentication, you need to configure BASIC authentication. To set up a custom error page for failed authenication, you need to create an error page for the HTTP error codes 403 (unauthorised) or... um... is it 409? I can't remember Does that help? Dave
Joined: Sep 10, 2002
yes, i found that class ! thanks. i'm trying..... but: i don't want to response an error, i want to response an code or something, that the browser comes up with the pop-up of a login-mask. is it possible to do this by an servlet, that is reachable by public users ?
That's pretty much the same code I have. The next big question is what version of WebSphere you are running. We're probably getting to the point where we need to have this dicussion in the IBM/Websphere forum so that we can get some specific help. I'll see about getting the thread moved there. Dave