tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Form based security and "Remember Me"
Date Fri, 21 Feb 2003 08:23:45 GMT

"John Trollinger" <jakarta@trollingers.com> wrote in message
news:038a01c2d91f$14fc2e40$fc0110ac@jtrollingerxp...
> But does this work with Form based authenticaiton and realms... How do
> you let the realm know that the user remembered so the login can be
> bypassed?

If you don't mind being tied to Tomcat, then it is a pretty simple Valve
(I'm assuming that you want 4.x here).  Something like:

public class MyAuthValve implements Valve {

   private String myInfo = "MyAuthValve/1.0";
   private static final String myAuthCookie="MyAuthCookie";

    public MyAuthValve() {
    }

   public String getInfo() {
      return myInfo;
   }

   public void invoke(Request request, Response response, ValveContext
context) {
       if( request instanceof HttpRequest ) {
             HttpRequest hReq = (HttpRequest)request;
             HttpServletRequest req = (HttpServletRequest)
hReq.getRequest();
             Cookie [] cookies = req.getCookies();
              for(int i=0; i < cookies.length; i++) {
                  if( myAuthCookie.equals(cookies[i].getName()) ) {
                    MyPrincipal myPrin = new
MyPrincipal(cookies[i].getValue());
                    hReq.setUserPrincipal(myPrin);
                    break;
                 }
             }
      }
      context.invokeNext(request, response);
   }
}

Of course, all of the implementations of all of the "My*" classes are left
to the reader :-).


>
> John
>
> > -----Original Message-----
> > From: Shapira, Yoav [mailto:Yoav.Shapira@mpi.com]
> > Sent: Thursday, February 20, 2003 3:23 PM
> > To: Tomcat Users List
> > Subject: RE: Form based security and "Remember Me"
> >
> >
> >
> > Howdy,
> > I'm not doing this, and I'm one of those people who cleans
> > their cache every time their browser is closed (12Ghosts auto
> > wash is among the greatest tools I've ever seen for any
> > computing purpose, ever), so Remember Me functionality
> > doesn't typically work for me, but...
> >
> > >Is anyone doing this at all?  And if so how?
> >
> > Assuming remember me is a checkbox, e.g.
> > <input type="checkbox" name="rememberUser">Remember Me</input>
> >
> > Then something like:
> > String rememberUserString = request.getParameter("rememeberUser");
> > if((rememebrUserString != null) &&
> >    (rememeberUserString.equalsIgnoreCase("true")) {
> >      //  Create cookie
> >      Cookie userInfoCookie = new Cookie(...);
> >      response.addCookie(userInfoCookie);
> > }
> >
> > Then other pages in the app attempt to retrieve the cookie (using
> > request.getCookies() and iterating through the cookies.  You
> > can retrieve the information in a fairly cross-browser,
> > server-independent way.
> >
> > You can also set attributes in the session
> > (HttpSession.setAttribute("myUserName", username) or
> > whatever) or do it in many other ways.
> >
> > Yoav Shapira
> > Millennium ChemInformatics
> >
> >
> >
> >
> > This e-mail, including any attachments, is a confidential
> > business communication, and may contain information that is
> > confidential, proprietary and/or privileged.  This e-mail is
> > intended only for the individual(s) to whom it is addressed,
> > and may not be saved, copied, printed, disclosed or used by
> > anyone else.  If you are not the(an) intended recipient,
> > please immediately delete this e-mail from your computer
> > system and notify the sender.  Thank you.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message