Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Received-SPF: pass (herse.apache.org: domain of sebbo@gmx.ch designates
 213.165.64.20 as permitted sender)
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 02 May 2007 20:56:26 +0200
From: sebbo@gmx.ch
In-Reply-To: <002b01c78cea$38eeabb0$0400000a@animal>
Message-ID: <20070502185626.157840@gmx.net>
MIME-Version: 1.0
References: <20070502165622.105190@gmx.net>
 <002b01c78cea$38eeabb0$0400000a@animal>
Subject: Re: User-password from the HttpServletRequest
To: "Tomcat Users List" <users@tomcat.apache.org>
Content-Transfer-Encoding: 7bit

Im using a FORM based authentication. Im not sure, but I think to remember that I once had the possibility to see all the user stuff (password, roles, database password, database user, etc.) but I dont know where ;-).

Im using the password of the authentification to encrypt and decrypt some data to a database user specific (each users own data has the users password).

To get to the password must be possibly, not?


-------- Original-Nachricht --------
Datum: Wed, 2 May 2007 20:46:40 +0200
Von: "Johnny Kewl" <john@kewlstuff.co.za>
An: "Tomcat Users List" <users@tomcat.apache.org>
Betreff: Re: User-password from the HttpServletRequest

> I've never seen a function that will do that... think its a security
> thing.
> I think you have to get the user name, and then Parse the User file 
> yourself, or read the database yourself... whatever realm you using.
> 
> If its BASIC authorization you using you could just decode the
> authorization 
> header, but the only reason that works is because its a weak form of 
> protection... if the admin guy switched to DIGEST... that method will
> break.
> 
> I've just about finished an alternative SSO authorization system for
> Tomcat, 
> thus my interest in your question... I'd be reluctant to expose passwords
> in 
> the API, however there may be a terrific reason for it... would you mind 
> telling me why you want to do this?
> 
> ----- Original Message ----- 
> From: <sebbo@gmx.ch>
> To: <users@tomcat.apache.org>
> Sent: Wednesday, May 02, 2007 6:56 PM
> Subject: User-password from the HttpServletRequest
> 
> 
> > Hi
> >
> > How can I get the password from the logged in user via the 
> > HttpServletRequest in general? (I need the password in a servlet filter
> to 
> > do some stuff)
> >
> > And there some web server independent solution?
> >
> > Thanks in advance and greets
> > Sam
> > -- 
> > "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
> > Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> > 
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org

-- 
"Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ...
Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org