geronimo-user mailing list archives

From m...@aufdencamp.com
Subject RE: Realm Authentication
Date Sat, 30 Dec 2006 03:56:11 GMT
Thanks for the response David.  I'd like to auth a user up front on a
programmatic page "voluntarily".  This allows content customization
prior to secured content access without requiring a second
authentication via the container.

I would also like to be able to use the same user auth info within httpd
for traditional http auth via .htaccess files.  This allows me to create
small micro sites that can be user managed in an httpd context, but
still provide a single sign-on environment into the webapp components.

My guess is the user info can be had in the http headers like you
suggest, but how does one auth the user in geronimo without submitting
a form to j_security_check?  Can this be done via some container class
method?

> -------- Original Message --------
> Subject: Re: Realm Authentication
> From: David Jencks <david_jencks@yahoo.com>
> Date: Fri, December 29, 2006 8:38 pm
> To: user@geronimo.apache.org
> 
> On Dec 29, 2006, at 9:17 PM, mark@aufdencamp.com wrote:
> 
> > Hi All,  Thanks for the previous help.  I was able to successfully
> > create a JDBC Realm using MySQL, construct a small test app, and
> > deploy it to geronimo.  I had a few issues with my geronimo-web.xml,
> > but eventually figured it out:)
> >
> > I have a few additional questions which are more development than
> > container related.
> >
> > 1. How would one programmatically authenticate a user within a Realm?
> > For instance, if one had a main menu logon page and wanted to
> > programmatically authenticate the user so that later traversal into a
> > realm protected resource would not require an additional
> > authentication dialog from the container's declarative security.
> 
> I don't see why you'd call this programmatic authentication.
> Jetspeed 2 has something like this.  There's a portlet on a tab that
> you can choose at any time to use to login, and after you do you get
> to see all the secured portlets as well as unsecured ones.  I'm not
> sure I understand completely how it works, but last year I got it
> working in geronimo.
> 
> You can browse the servlets here:
> https://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/components/portal/src/java/org/apache/jetspeed/login
> 
> and the web.xml here:
> https://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/src/webapp/WEB-INF/web.xml
> 
> My impression is that all you need to do is provide a link to a  
> secured resource and set up the form login stuff so you will get  
> logged in on the way there.  However I might not be understanding  
> exactly what you are trying to do.
> >
> > 2. Does anyone have a methodology to successfully integrate httpd
> > server and geronimo server authentication?  mod_auth_mysql can be
> > used in the httpd server with the same database of users and roles
> > that are utilized in a JDBC Security Realm.  Can the mod_jk be
> > configured in any manner to pass through user identities that have
> > been authenticated in the httpd server?  Will the httpd server place
> > the user id and role information in the http metadata to be extracted
> > programmatically and utilized by the answer to Q1?
> 
> This I really don't know about :-)  However from my limited  
> understanding of the jetspeed stuff I think it might be possible to  
> have httpd include the username and password as http headers and have  
> one of those servlets fish them out and use them to authenticate.
> 
> You kind of have a question here as to whether you want your j2ee web  
> server to trust the authentication done by httpd or whether you want  
> both to authenticate, just using the same credentials.  I'd lean  
> towards the second.... but I also have to ask why you want httpd to  
> authenticate at all.
> 
> Not sure if this is likely to help or not /-)
> 
> david jencks
> 
> >
> > Just a few musings on single sign-on:)
> >
> > Thanks to all in advance!
> >
> > Mark Aufdencamp
> > Mark@Aufdencamp.com
> >
> >
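
The choice David raises in the quoted reply, whether the web application trusts authentication already done by httpd, comes down to accepting an identity header only when the request arrives from the front end itself. A sketch of that check in plain Java, added here as an example that is not from the thread, Jetspeed or Geronimo; the header name, the addresses and the `resolveUser` method are hypothetical.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

/** Added illustration: decide whether a user name asserted by a front end may be trusted. */
public class ForwardedIdentity {
    // Hypothetical header name (assumption). httpd must be configured to set it
    // and to strip any copy of it supplied by the client.
    static final String USER_HEADER = "x-authenticated-user";

    /**
     * @param peerAddr address of the directly connected peer (the TCP source)
     * @param headers  request headers, names already lower-cased
     * @param trusted  addresses of the httpd front ends allowed to assert identity
     */
    static Optional<String> resolveUser(String peerAddr,
                                        Map<String, List<String>> headers,
                                        Set<String> trusted) {
        if (!trusted.contains(peerAddr)) {
            return Optional.empty();      // not the front end: header is client-controlled
        }
        List<String> values = headers.getOrDefault(USER_HEADER, List.of());
        if (values.size() != 1) {
            return Optional.empty();      // missing or duplicated header: ambiguous
        }
        String user = values.get(0).trim();
        // Reject empty names and control characters (header or log injection).
        if (user.isEmpty() || user.chars().anyMatch(Character::isISOControl)) {
            return Optional.empty();
        }
        return Optional.of(user);
    }

    public static void main(String[] args) {
        // Constructed sample data: one trusted front end and two header sets.
        Set<String> trusted = Set.of("10.0.0.5");
        Map<String, List<String>> ok = Map.of(USER_HEADER, List.of("mark"));
        Map<String, List<String>> dup = Map.of(USER_HEADER, List.of("mark", "admin"));

        System.out.println(resolveUser("10.0.0.5", ok, trusted));     // request from httpd
        System.out.println(resolveUser("203.0.113.9", ok, trusted));  // request from elsewhere
        System.out.println(resolveUser("10.0.0.5", dup, trusted));    // duplicated header
    }
}
```

An empty result means the application falls back to its own login, which is the second option in the reply: both tiers authenticate against the same credentials.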

