how to set remoteuser

hi
we can get remoteuser using request.getremoteuser() but how we can set it?

Hardik Shah wrote:
> hi
> we can get remoteuser using request.getremoteuser() but how we can set it?
>
> -----
>  

One approach is to wrap the request object.  Create a Filter, decorate
the HttpServletRequest with one the implements setRemoteUser() and
delegates all other methods to the original.  When getRemoteUser is
invoked it checks it's local value first and if not set delegate to the
wrapped request object.  Only your code needs to be aware of the special
implementation in order to set the remote user.

A proxy of HttpServletRequest that does the same thing may also be
possible. Not sure...

A better approach is to use the container's authentication as intended
so the remoteUser is managed by it..




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jeromy Evans - Blue Sky Minds wrote

A better approach is to use the container's authentication as intended
so the remoteUser is managed by it..

i think u are saying about jdbc realm for container's authentication!

my first and last goal about that i want to maintain single sign on without storing user information in session
i have also integrated hibernate with it ,can i use for achieve somthing like or not?

Hardik Shah wrote:
Correct.  It's not as bad as it first seems if you manage the entries in
the two tables (for tomcat) yourself.
Otherwise the next step is a third party library like Spring Security.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jeromy Evans - Blue Sky Minds wrote

Correct.  It's not as bad as it first seems if you manage the entries in
the two tables (for tomcat) yourself.
Otherwise the next step is a third party library like Spring Security.

try to use jdbcrealm but when submit

gives error like

HTTP Status 400 - Invalid direct reference to form login page

finding solution from 2 days ,even no good tutorial found for that ,i surprised why this topic not included in struts 2 tutorial

Hardik Shah wrote:
> my first and last goal about that i want to maintain single sign on without
> storing user information in session
> i have also integrated hibernate with it ,can i use for achieve somthing
> like or not?
>
>
>  


Do you mean single sign-on as in across multiple domains or webapps? If
so, this will probably be container specific.

If you mean a stateless authentication approach (ie. they sign in once,
then each subsequent request includes the credentials so you don't have
to maintain a session for them), then:
 - use HTTP basic (or digest) so the browser must authentic each request
 - this will need to be setup in your container
 - if you use a JDBC realm, then, with tomcat at least, you can allow
tomcat to access the tables directly and use your own webapp to
add/remove users in those tables.
 
To avoid the terrible browser pop-up for credentials:
 - if the user has javascript, perform login via an asynchronous request;
 - if the user doesn't have javascript, allow the container to redirect
them to a plain old J2EE login page

When you have a HTTP server in front of your J2EE container it gets a
little more complicated; I'm not too sure about that.

This isn't as trivial as it should be.  There may be a better approach.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Hardik Shah wrote:
Get it to work without a login page first.  Just allow it to popup with
the browser dialog and for the container to authenticate via JDBC.  When
that works, investigate how to configure you container to redirect to a
login page.

I suspect most users implement their own custom authentication strategy,
which means the Principle isn't valid, or they use Spring Security.



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jeromy Evans - Blue Sky Minds wrote

Do you mean single sign-on as in across multiple domains or webapps? If
so, this will probably be container specific.

If you mean a stateless authentication approach (ie. they sign in once,
then each subsequent request includes the credentials so you don't have
to maintain a session for them), then:

i want use
>>If you mean a stateless authentication approach (ie. they sign in once,
>>then each subsequent request includes the credentials so you don't have
>>to maintain a session for them),

this approach in single webapp

thanks

i should go with spring security ,but it works fine with s2?

Hardik Shah wrote:

Yes, others definitely use it with S2 and Spring.  It takes substantial
amount of effort to learn. You may have to ask for specific help about
that after going through the tutorials.

I don't use spring security myself as I mainly use Guice/Warp which
requires a different solution. Spring Security/Acegi is much more common.




---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Jeromy Evans - Blue Sky Minds wrote

Yes, others definitely use it with S2 and Spring.  It takes substantial
amount of effort to learn. You may have to ask for specific help about
that after going through the tutorials.

yes you are right ,i have just seen that ,it might be took so much longer time

Jeromy Evans - Blue Sky Minds wrote

I don't use spring security myself as I mainly use Guice/Warp which
requires a different solution. Spring Security/Acegi is much more common.

could you provide basic stuff  or link for implementing Guice/Warp with s2

Hardik Shah wrote:
>
>
>  
> could you provide basic stuff  or link for implementing Guice/Warp with s2
>
> -----
>  

he he, that's also a major decision if you want to go down that path.
I don't recommend jumping after whichever approach seems least effort
(btw, your original approach to use a realm or not using the principal
at all is least initial effort if you don't want to learn another
framework).

http://code.google.com/p/google-guice/

Guice includes a plugin for s2 in their downloads page. It is as simple
to get started with as the spring plugin.  Warp includes persistence
module and a better servlet filter.

http://www.wideplay.com/home

You can't just switch from spring to guice to no DI. framework. You have
to pick one and take the time to learn it I'm afraid :-).  Learning
J2EE's security, spring's security or guice+warp are time well spent.


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

yes  you are right !
i just confused bcoz showing various aspects

Jeromy Evans - Blue Sky Minds wrote

he he, that's also a major decision if you want to go down that path.
I don't recommend jumping after whichever approach seems least effort
(btw, your original approach to use a realm or not using the principal
at all is least initial effort if you don't want to learn another
framework).

http://code.google.com/p/google-guice/

Guice includes a plugin for s2 in their downloads page. It is as simple
to get started with as the spring plugin.  Warp includes persistence
module and a better servlet filter.

http://www.wideplay.com/home

You can't just switch from spring to guice to no DI. framework. You have
to pick one and take the time to learn it I'm afraid :-).  Learning
J2EE's security, spring's security or guice+warp are time well spent.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org