geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <>
Subject Re: Realm Authentication
Date Sat, 30 Dec 2006 03:38:50 GMT

On Dec 29, 2006, at 9:17 PM, wrote:

> Hi All,  Thanks for the previous help.  I was able to successfully
> create a JDBC Realm using MySQL, construct a small test app, and  
> deploy
> it to geronimo.  I had a few issues with my geronimo-web.xml, but
> eventually figured it out:)
> I have a few additional questions which are more development than
> container related.
> 1. How would one programmatically authenticate a user within a Realm?
> For instance, if one had a main menu logon page and wanted to
> programmatically authenticate the user so that later traversal into a
> realm protected resource would not require an additional  
> authentication
> dialog from the containers declarative security.

I don't see why you'd call this programmatic authentication.   
Jetspeed 2 has something like this.  There's a portlet on a tab that  
you can choose at any time to use to login, and after you do you get  
to see all the secured portles as well as unsecured ones.  I'm not  
sure I understand completely how it works, but last year I got it  
working in geronimo.

You can browse the servlets here: 

and the web.xml here: 

My impression is that all you need to do is provide a link to a  
secured resource and set up the form login stuff so you will get  
logged in on the way there.  However I might not be understanding  
exactly what you are trying to do.
> 2. Does anyone have a methodology to succesfully integrated httpd  
> server
> and geronimo server authentication?  mod_auth_mysql can be used in the
> httpd server with the same database of users and roles that are
> utilized in a JDBC Security Realm.  Can the mod_jk be configured in  
> any
> manner to pass through user identities that have been authenticated in
> the httpd server?  Will the httpd server place the user id and role
> information in the http metadata to be extracted progamatically and
> utilized by the answer to Q1?

This I really don't know about :-)  However from my limited  
understanding of the jetspeed stuff I think it might be possible to  
have httpd include the username and password as http headers and have  
one of those servlets fish them out and use them to authenticate.

You kind of have a question here as to whether you want your j2ee web  
server to trust the authentication done by httpd or whether you want  
both to authenticate, just using the same credentials.  I'd lean  
towards the second.... but I also have to ask why you want httpd to  
authenticate at all.

Not sure if this is likely to help or not /-)

david jencks

> Just a few musings on single sign-on:)
> Thanks to all in advance!
> Mark Aufdencamp

View raw message