I am facing a solution design problem and hence seeking your adivse here.
Scenario
1. There is a security layer in a running
EJB system that decides the access privileges of various user groups on various resources (files, images etc).
2. A webdav application using jakarta slide is being developed to be deployed under tomcat that will give the access to the resources.
3. Apache is acting as web server with which tomcat is connected as a web container (for servlets/jsp) files.
4. I initially am using apache's htpasswd.exe file to generate username/password for basic authentication. It works fine as far as I have created the user or group in that file and shown the URL to be protected (
http://localhost/testDav instead of
http://localhost:8080/testDav), popping up the basic authentication dialog box.
Problem
Now I need that user will point to
http://localhost/testDav URL in his browser, get the basic or any other authentication (basic is sufficient in this case), after submitting the username and password the request will go to the slide's
servlet, say TestWebDavServlet. Then this servlet will call the security layer's API of the EJB system to authenticate and authorize the user and thus provide or deny access to the user. That means using the passwords text file is not sufficient in this case.
Query
Please let me know, if the whole idea is feasible or their is a basic misunderstanding of teh problem by me? What are the alternatives to me in this scenario. Once I can get the username and password as
string to my servlet I can do the rest. But how can I get that as I am not using tomcat as a web server rather using apache as web server?
Looking for comments from you.
Regards,
Muhammad Ashikuzzaman (Fahim)
[ January 16, 2004: Message edited by: Ashik uzzaman ]