tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jerry.f...@amd.com
Subject RE: Custom Authentication
Date Tue, 22 Jan 2002 16:35:16 GMT

You can try to extend the FormAuthenticator to add your extra thing. The class is declared
as final. But it is very easy to make a turn around.

-Jerry


-----Original Message-----
From: Luke Studley [mailto:Luke.Studley@cerillion.com]
Sent: Tuesday, January 22, 2002 10:02 AM
To: 'Tomcat Users List'
Subject: RE: Custom Authentication


You need to write your own Realm implementation. Look at the source for the
JDBC Realm.

On another issue to do with Login - Does anyone know how to pass multiple
credentials using a FORM login.
E.g. the user needs to input a password and a passphrase - But the Realm
only get the j_password field.

Is it possible to get access to the HttpRequest in the Realm to check for
other parameters?

Cheers

Luke


-----Original Message-----
From: Ricardo Ramalho [mailto:rramalho@eworks.pt] 
Sent: 22 January 2002 14:51
To: Tomcat Users List
Subject: Custom Authentication

Hi ppl! Again....

It looks like i wasn't very accurate in my first question here...
What i wanted to do is something like this: (hope you guys can help) This is
my actual Athentication class, with uses BASIC login.


import java.lang.*;
import java.sql.*;
import javax.sql.*;
import javax.naming.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.security.*;
import allaire.jrun.util.*;
import allaire.jrun.security.*;

public class Autentica implements AuthenticationInterface
{
    /**
     * Initialize the authentication service
     * @param props The properties for the service
     */
    public void init(OrderedProperties props) throws Exception
    {
            //Não se faz nada aki
    }

    /**
     * Destroy the service
     */
    public void destroy()
    {
            //Não se faz nada aki
    }

    /**
     * Authenticate the given user with the given credentials (such
     * as a password).
     * @param req The servlet request
     * @param username The username to authenticate
     * @param method The type of authentication method (BASIC, DIGEST, FORM,
     * or CLIENT-CERT)
     * @param credentials Password and/or other credentials necessary
     * in authenticating the user
     * @return The Principal associated with the given username, or null
     * if authentication failed
     */
    public Principal authenticate(HttpServletRequest req, String username,
String password) {
                Principal principal = null;
  //tipos para a ligação à base de dados
  Connection dbCon = null;
  Statement dbStat = null;
  String sqlStat = null;
  ResultSet dbRes = null;

                // If we have a password, attempt to validate it
                if (password != null) {
                        try {
                                String dbPass = null;
                                //Acesso à base de dados - apanhar uma
conecção da pool de conexoes do JRun
           InitialContext ctx = new InitialContext();
           DataSource ds =
(DataSource)ctx.lookup("java:comp/env/jdbc/test_db");
           dbCon = ds.getConnection();
           dbStat = dbCon.createStatement();
                                sqlStat = "SELECT passwd FROM users WHERE
user='" + username + "'";
                                dbRes = dbStat.executeQuery(sqlStat);
                                dbRes.next();
                                dbPass = dbRes.getString(1);
                                if (dbPass.equals(password)) {
                                        principal = new
AuthenticatedPrincipal(username);
                                }
                        } catch (Exception e) {
                                e.printStackTrace();
                        }
        }
        return principal;
    }

    /**
     * Determines if the given principal (user) has been granted the
     * given role within this authentication realm.
     * @param principal The principal (user) to verify
     * @param role The role to verify
     * @return true if the principal is part of the given role
     */
    public boolean isPrincipalInRole(Principal principal, String role)
    {
        return true;
    }
}


Thank you for any help in advance

-------------------------------------------------
Ricardo Ramalho
Carcavelos Lisbon Portugal
EWorks Consulting
-------------------------------------------------



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>

--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message