tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From se...@gmx.ch
Subject Re: User-password from the HttpServletRequest
Date Wed, 02 May 2007 18:56:26 GMT
Im using a FORM based authentication. Im not sure, but I think to remember that I once had
the possibility to see all the user stuff (password, roles, database password, database user,
etc.) but I dont know where ;-).

Im using the password of the authentification to encrypt and decrypt some data to a database
user specific (each users own data has the users password).

To get to the password must be possibly, not?



-------- Original-Nachricht --------
Datum: Wed, 2 May 2007 20:46:40 +0200
Von: "Johnny Kewl" <john@kewlstuff.co.za>
An: "Tomcat Users List" <users@tomcat.apache.org>
Betreff: Re: User-password from the HttpServletRequest

> I've never seen a function that will do that... think its a security
> thing.
> I think you have to get the user name, and then Parse the User file 
> yourself, or read the database yourself... whatever realm you using.
> 
> If its BASIC authorization you using you could just decode the
> authorization 
> header, but the only reason that works is because its a weak form of 
> protection... if the admin guy switched to DIGEST... that method will
> break.
> 
> I've just about finished an alternative SSO authorization system for
> Tomcat, 
> thus my interest in your question... I'd be reluctant to expose passwords
> in 
> the API, however there may be a terrific reason for it... would you mind 
> telling me why you want to do this?
> 
> ----- Original Message ----- 
> From: <sebbo@gmx.ch>
> To: <users@tomcat.apache.org>
> Sent: Wednesday, May 02, 2007 6:56 PM
> Subject: User-password from the HttpServletRequest
> 
> 
> > Hi
> >
> > How can I get the password from the logged in user via the 
> > HttpServletRequest in general? (I need the password in a servlet filter
> to 
> > do some stuff)
> >
> > And there some web server independent solution?
> >
> > Thanks in advance and greets
> > Sam
> > -- 
> > "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
> > Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> > 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

-- 
"Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message