Hi,
we can get the remote user using request.getRemoteUser(), but how can we set it?
Hardik Shah wrote:
> Hi,
> we can get the remote user using request.getRemoteUser(), but how can we set it?

One approach is to wrap the request object. Create a Filter, decorate the HttpServletRequest with one that implements setRemoteUser() and delegates all other methods to the original. When getRemoteUser is invoked it checks its local value first and, if not set, delegates to the wrapped request object. Only your code needs to be aware of the special implementation in order to set the remote user.

A proxy of HttpServletRequest that does the same thing may also be possible. Not sure...

A better approach is to use the container's authentication as intended so the remoteUser is managed by it.
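The wrapping approach described in the reply above, as an added example that is not part of the original thread. The class names `RemoteUserFilter` and `SettableRemoteUserRequest` and the helper `find` are hypothetical, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example: hypothetical names, not code from the thread or from Struts.
public class RemoteUserFilter implements Filter {

    /** Decorator: returns the locally set user first, else the container's value. */
    public static class SettableRemoteUserRequest extends HttpServletRequestWrapper {
        private String remoteUser; // null until application code sets it

        public SettableRemoteUserRequest(HttpServletRequest request) { super(request); }

        public void setRemoteUser(String user) { this.remoteUser = user; }

        @Override
        public String getRemoteUser() {
            return remoteUser != null ? remoteUser : super.getRemoteUser();
        }

        @Override
        public Principal getUserPrincipal() {
            // Keep getUserPrincipal() consistent with getRemoteUser().
            if (remoteUser == null) return super.getUserPrincipal();
            final String name = remoteUser;
            return new Principal() { public String getName() { return name; } };
        }
    }

    /** Frameworks may wrap the request again, so walk the wrapper chain to find ours. */
    public static SettableRemoteUserRequest find(ServletRequest request) {
        while (request != null) {
            if (request instanceof SettableRemoteUserRequest) return (SettableRemoteUserRequest) request;
            request = (request instanceof ServletRequestWrapper)
                    ? ((ServletRequestWrapper) request).getRequest() : null;
        }
        return null;
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Everything downstream of this filter sees the decorated request.
        chain.doFilter(new SettableRemoteUserRequest((HttpServletRequest) req), res);
    }
}
```

A value set this way lives only for the current request and is visible only to code behind the filter. `isUserInRole()` and the container's declarative security constraints still reflect only what the container itself authenticated.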
I think you are talking about a JDBC realm for the container's authentication!
In reply to this post by Jeromy Evans - Blue Sky Minds
My first and last goal is that I want to maintain single sign-on without storing user information in the session.
I have also integrated Hibernate with it; can I use it to achieve something like that or not?
In reply to this post by Hardik Shah
Hardik Shah wrote:
> Jeromy Evans - Blue Sky Minds wrote:
>> A better approach is to use the container's authentication as intended
>> so the remoteUser is managed by it.
>
> I think you are talking about a JDBC realm for the container's authentication!

Correct. It's not as bad as it first seems if you manage the entries in the two tables (for tomcat) yourself. Otherwise the next step is a third party library like Spring Security.
I tried to use JDBCRealm, but when I submit it gives an error like:

HTTP Status 400 - Invalid direct reference to form login page

I have been looking for a solution for 2 days and have not even found a good tutorial for it. I am surprised that this topic is not included in the Struts 2 tutorial.
In reply to this post by Hardik Shah
Hardik Shah wrote:
> My first and last goal is that I want to maintain single sign-on without
> storing user information in the session.
> I have also integrated Hibernate with it; can I use it to achieve something
> like that or not?

Do you mean single sign-on as in across multiple domains or webapps? If so, this will probably be container specific.

If you mean a stateless authentication approach (ie. they sign in once, then each subsequent request includes the credentials so you don't have to maintain a session for them), then:
- use HTTP basic (or digest) so the browser must authenticate each request
- this will need to be set up in your container
- if you use a JDBC realm, then, with tomcat at least, you can allow tomcat to access the tables directly and use your own webapp to add/remove users in those tables.

To avoid the terrible browser pop-up for credentials:
- if the user has javascript, perform login via an asynchronous request;
- if the user doesn't have javascript, allow the container to redirect them to a plain old J2EE login page

When you have a HTTP server in front of your J2EE container it gets a little more complicated; I'm not too sure about that.

This isn't as trivial as it should be. There may be a better approach.
In reply to this post by Hardik Shah
Hardik Shah wrote:
> Jeromy Evans - Blue Sky Minds wrote:
>> Correct. It's not as bad as it first seems if you manage the entries in
>> the two tables (for tomcat) yourself.
>> Otherwise the next step is a third party library like Spring Security.
>
> I tried to use JDBCRealm, but when I submit it gives an error like:
>
> HTTP Status 400 - Invalid direct reference to form login page
>
> I have been looking for a solution for 2 days and have not even found a good
> tutorial for it. I am surprised that this topic is not included in the Struts 2 tutorial.

Get it to work without a login page first. Just allow it to pop up with the browser dialog and for the container to authenticate via JDBC. When that works, investigate how to configure your container to redirect to a login page.

I suspect most users implement their own custom authentication strategy, which means the Principal isn't valid, or they use Spring Security.
I want to use

>> If you mean a stateless authentication approach (ie. they sign in once,
>> then each subsequent request includes the credentials so you don't have
>> to maintain a session for them),

this approach in a single webapp.

Thanks. I should go with Spring Security, but does it work fine with S2?
Hardik Shah wrote:
> this approach in a single webapp.
>
> Thanks. I should go with Spring Security, but does it work fine with S2?

Yes, others definitely use it with S2 and Spring. It takes a substantial amount of effort to learn. You may have to ask for specific help about that after going through the tutorials.

I don't use Spring Security myself as I mainly use Guice/Warp which requires a different solution. Spring Security/Acegi is much more common.
Yes, you are right. I have just seen that; it might take a much longer time. Could you provide basic stuff or a link for implementing Guice/Warp with S2?
Hardik Shah wrote:
> Could you provide basic stuff or a link for implementing Guice/Warp with S2?

he he, that's also a major decision if you want to go down that path. I don't recommend jumping after whichever approach seems least effort (btw, your original approach to use a realm or not using the principal at all is least initial effort if you don't want to learn another framework).

http://code.google.com/p/google-guice/
Guice includes a plugin for s2 in their downloads page. It is as simple to get started with as the spring plugin.

Warp includes persistence module and a better servlet filter.
http://www.wideplay.com/home

You can't just switch from spring to guice to no DI framework. You have to pick one and take the time to learn it I'm afraid :-).

Learning J2EE's security, spring's security or guice+warp are time well spent.
Yes, I was just confused because of the various aspects shown.