tomcat-users mailing list archives

From "Paul Hsu" <hsu.p...@verizon.net>
Subject Re: Realm
Date Sun, 25 May 2003 17:42:41 GMT
Craig,

Thank you for your help.
You are correct, I don't need to grab the password. You mean I just need to
write a servlet and catch the user name from the request and get all the user
information and save it in the session. But how can I ask the Realm to call my
servlet after Tomcat does the authentication? I'd like to do the same thing as
the www.datek.com website does. This website can pull your account information
after you log in.

thanks,

Paul
----- Original Message -----
From: "Craig Berry" <Craig.Berry@portblue.com>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>;
<tomcat-user@jakarta.apache.org>
Sent: Saturday, May 24, 2003 9:53 PM
Subject: RE: Realm


> The username can be obtained using the HttpServletRequest.getUserPrincipal method (see http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpServletRequest.html). See the Principal doc on how to get the username string from the returned Principal object.
>
> In general, if you're going to use JAAS authentication, it's wise to design your app so that it doesn't need to know the logged-in user's password. None of the standard authenticators put it anywhere conveniently accessible, and for good reason; the less code involved in handling passwords, the fewer places there are for a security exploit to grab it. If you really need to get the password to your own code, you'll need to write a custom JAAS authenticator that does what you need.
>
>
> -----Original Message-----
> From: Paul Hsu [mailto:hsu.paul@verizon.net]
> Sent: Sat 5/24/2003 9:39 PM
> To: tomcat-user@jakarta.apache.org
> Cc:
> Subject: Realm
>
>
>
> Hi,
> I am using a Tomcat Realm to authenticate users accessing a web site. I have one question: how can I catch the user name/password after the Tomcat server authenticates the user (Tomcat will pop up an authentication screen)? Any help would be appreciated.
>
> Paul
>
>
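
One way to apply the advice quoted above, as an added example that is not part of the original thread: a servlet filter that reads the authenticated username from `getUserPrincipal()` and caches account data in the session without ever handling the password. The class name, the session attribute keys and the `loadAccount` helper are hypothetical, and the filter is assumed to be mapped in `web.xml` to the same URL patterns that the security constraint protects.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical filter: the container authenticates the request against the
// Realm before the filter chain runs, so the principal is already set here.
public class AccountSessionFilter implements Filter {
    static final String ACCOUNT_KEY = "account";      // hypothetical attribute name
    static final String OWNER_KEY = "account.owner";  // user the cached data belongs to

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            Principal user = http.getUserPrincipal();  // null if not authenticated
            if (user != null) {
                HttpSession session = http.getSession(true);
                String name = user.getName();
                // Load once per login; reload if the session holds another user's data.
                if (!name.equals(session.getAttribute(OWNER_KEY))) {
                    session.setAttribute(ACCOUNT_KEY, loadAccount(name));
                    session.setAttribute(OWNER_KEY, name);
                }
            }
        }
        chain.doFilter(req, res);
    }

    // Placeholder lookup (assumption): replace with a query keyed on the username.
    // No password is needed; the Realm has already verified it.
    private Map<String, String> loadAccount(String username) {
        Map<String, String> account = new HashMap<String, String>();
        account.put("username", username);
        return account;
    }
}
```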

