jQuery in Action, 2nd edition*
The moose likes Servlets and the fly likes How to call 3rd party api for User Authentication in a generic way Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to call 3rd party api for User Authentication in a generic way" Watch "How to call 3rd party api for User Authentication in a generic way" New topic
Author

How to call 3rd party api for User Authentication in a generic way

Ashik Uzzaman
Ranch Hand

Joined: Jul 05, 2001
Posts: 2370

Pals,
I can use basic authentication to check if a user is one of the roles that allow him to access my resources. Now here, the username and password added in a container specific file (tomcat-users.xml for Tomcat), right? What about if I want the basic authentication to happen but the same username/password check to occur through a servlet - say the servlet calls jdbc to look for the name/password correctness or even it may call a 3rd party api like authenticateUser(name, password) etc? Is the solution in using Tomcat's Realm? But that's again Tomcat specific, my solution may ultimately have to be deployed in JBoss with Jetty though during developemt I am using Tomcat and Resin.
The problem now is that fro my servlet I can get the user using getRemoteUser(), but request.getRemoteUser() or request.getUserPrincipal() can't give me the password. If I could get the password, then after taking the username, password from user I would forward them to my servlet and I could call the 3rd party from servlet.
If its not feasible with basic authentication, in that case I have no choice other than tomcat's realm, then is it feasible using digest or form-based authentication? How? :roll:
--- Ashik
[ January 20, 2004: Message edited by: Ashik uzzaman ]
[ January 20, 2004: Message edited by: Ashik uzzaman ]

Ashik Uzzaman
Senior Member of Technical Staff, Salesforce.com, San Francisco, CA, USA.
Balaji Loganathan
author and deputy
Bartender

Joined: Jul 13, 2001
Posts: 3150
May sound stupid but
  • how abt storing them in an XML file or .properties under web-inf/db directory
  • or using tiny db's like hsqldb under web-inf/db directory ?

  • The above two choice is not application server specific and you can ship anywhere.


    Spritle Software Blogs
    Ashik Uzzaman
    Ranch Hand

    Joined: Jul 05, 2001
    Posts: 2370

    Balaji,
    Thanks for the response. I considered both the approaches earlier and had to leave those. The problem is I am writing a webapp that will be deployed in an existing system where the authenticateUser(name, password) method is already written. I have to call that from my servlet only by accepting the name, password from the client but in the same time use the native login dialog box so that if an webdav client (say through web folders of windows xp) also tries to access, he gets the same authentication dialogue box to input username/password.
    --- Ashik
    Balaji Loganathan
    author and deputy
    Bartender

    Joined: Jul 13, 2001
    Posts: 3150
    Ashik,
    Will this article help you http://www.fawcette.com/javapro/2002_06/magazine/features/bkurniawan/Default.aspx , sorry can't ponder much on this.
     
    With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
     
    subject: How to call 3rd party api for User Authentication in a generic way
     
    Similar Threads
    Apache Authentication in a webdav application under tomcat
    Slide Implemented Sucesssfully
    Advice on form-authentication
    getRemoteUser
    I need book suggestions for authentication and authorisation for a web app