incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Metske" <harry.met...@gmail.com>
Subject passing Tomcat's container authentication results ?
Date Thu, 04 Sep 2008 07:28:06 GMT
Hi all,

I have a question about JSPWiki login, using Container Managed
Authentication.
When the login fails, you get no reason why the login fails, you just get
the login screen presented again.
Now, I can understand that this is done for security reasons.

However, in an intranet environment this is a bit too rigorous (at least it
is not what we want).
We are using JSPWiki with container managed authentication (Tomcat), and
there are several reasons why a login could fail, and we would like to tell
the user the reason, like:
- userid does not exist
- userid is revoked
- password not matched
- password is expired

The only way to find out why the login fails, is to look in the tomcat log
or the system logs, but for an ordinary JSPWiki user, that is not an option.

So my question is, is it possible to pass the authentication results from
the container (Tomcat in our case) to the webapplication (JSPWiki), so it
can be presented to the user who tries to login ?

(We are using a subclass of org.apache.catalina.realm.RealmBase and one of
the authenticate() methods is implemented with the actual auth. request,
that's the place where we have the information that is needed, but I have
not found a way to pass this to JSPWiki)

Any hints or suggestions are welcome, thanks in advance ..
-- 
met vriendelijke groet,
Harry Metske
Telnr. +31-548-512395
Mobile +31-6-51898081

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message