tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <j...@kewlstuff.co.za>
Subject Re: User-password from the HttpServletRequest
Date Wed, 02 May 2007 18:46:40 GMT
I've never seen a function that will do that... think its a security thing.
I think you have to get the user name, and then Parse the User file 
yourself, or read the database yourself... whatever realm you using.

If its BASIC authorization you using you could just decode the authorization 
header, but the only reason that works is because its a weak form of 
protection... if the admin guy switched to DIGEST... that method will break.

I've just about finished an alternative SSO authorization system for Tomcat, 
thus my interest in your question... I'd be reluctant to expose passwords in 
the API, however there may be a terrific reason for it... would you mind 
telling me why you want to do this?

----- Original Message ----- 
From: <sebbo@gmx.ch>
To: <users@tomcat.apache.org>
Sent: Wednesday, May 02, 2007 6:56 PM
Subject: User-password from the HttpServletRequest


> Hi
>
> How can I get the password from the logged in user via the 
> HttpServletRequest in general? (I need the password in a servlet filter to 
> do some stuff)
>
> And there some web server independent solution?
>
> Thanks in advance and greets
> Sam
> -- 
> "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
> Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message