Pals, I can use basic authentication to check if a user is one of the roles that allow him to access my resources. Now here, the username and password added in a container specific file (tomcat-users.xml for Tomcat), right? What about if I want the basic authentication to happen but the same username/password check to occur through a servlet - say the servlet calls jdbc to look for the name/password correctness or even it may call a 3rd party api like authenticateUser(name, password) etc? Is the solution in using Tomcat's Realm? But that's again Tomcat specific, my solution may ultimately have to be deployed in JBoss with Jetty though during developemt I am using Tomcat and Resin. The problem now is that fro my servlet I can get the user using getRemoteUser(), but request.getRemoteUser() or request.getUserPrincipal() can't give me the password. If I could get the password, then after taking the username, password from user I would forward them to my servlet and I could call the 3rd party from servlet. If its not feasible with basic authentication, in that case I have no choice other than tomcat's realm, then is it feasible using digest or form-based authentication? How? :roll: --- Ashik [ January 20, 2004: Message edited by: Ashik uzzaman ] [ January 20, 2004: Message edited by: Ashik uzzaman ]
Ashik Uzzaman Senior Software Engineer, TubeMogul, Emeryville, CA, USA.
Balaji, Thanks for the response. I considered both the approaches earlier and had to leave those. The problem is I am writing a webapp that will be deployed in an existing system where the authenticateUser(name, password) method is already written. I have to call that from my servlet only by accepting the name, password from the client but in the same time use the native login dialog box so that if an webdav client (say through web folders of windows xp) also tries to access, he gets the same authentication dialogue box to input username/password. --- Ashik