tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig Berry" <Craig.Be...@portblue.com>
Subject RE: Realm
Date Sun, 25 May 2003 04:53:42 GMT
The username can be obtained using the HttpServletRequest.getUserPrincipal method (see http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpServletRequest.html).
 See the Principal doc on how to get the username string from the returned Principal object.
 
In general, if you're going to use JAAS authentication, it's wise to design your app so that
it doesn't need to know the logged-in user's password.  None of the standard authenticators
put it anywhere conveniently accessible, and for good reason; the less code involved in handling
passwords, the fewer places there are for a security exploit to grab it.  If you really need
to get the password to your own code, you'll need to write a custom JAAS authenticator that
does what you need.
 

	-----Original Message----- 
	From: Paul Hsu [mailto:hsu.paul@verizon.net] 
	Sent: Sat 5/24/2003 9:39 PM 
	To: tomcat-user@jakarta.apache.org 
	Cc: 
	Subject: Realm
	
	

	Hi,
	I am using Tomcat Realm to authenticate user to access web site. I have one question is how
can I catch the user name/password after tomcat server authenticate user (Tomcat will pop
up a authenticate screen)? Any help would be appreciated.
	
	Paul 

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message