You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Thomas Haines <th...@recallmedia.com.au> on 2008/08/24 16:16:27 UTC
automatic login
Hi all
I'm trying to figure out a way to "automatically login" a user. It
arises when they have created an account, and I don't want to then
direct them back to a login page - rather, I want to, in this
instance, just log them in.
I am using Tomcat's container-managed security.
I am using CentOS / JVM 1.6 / apache-tomcat-6.0.14.
Does anyone know if the API allows this (and if so, how!)?
I guess I could implement my own application-managed security, but I'd
like to stick with the tomcat implementation.
Cheers
Tom
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: automatic login
Posted by Johnny Kewl <jo...@kewlstuff.co.za>.
----- Original Message -----
From: "Thomas Haines" <th...@recallmedia.com.au>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Sunday, August 24, 2008 4:16 PM
Subject: automatic login
> Hi all
>
> I'm trying to figure out a way to "automatically login" a user. It
> arises when they have created an account, and I don't want to then direct
> them back to a login page - rather, I want to, in this instance, just log
> them in.
>
> I am using Tomcat's container-managed security.
>
> I am using CentOS / JVM 1.6 / apache-tomcat-6.0.14.
>
> Does anyone know if the API allows this (and if so, how!)?
>
> I guess I could implement my own application-managed security, but I'd
> like to stick with the tomcat implementation.
>
> Cheers
> Tom
Tom I actually do my own auth thing... but I think in theory you can try
this...
Emulate a client from your code... its not too difficult doing a 'post' from
java, or use httpclient, whatever you want to... then send the form stuff to
TC... TC will send you back a cookie... JSessionID = whatever
Then set that cookie manually when you send the first page back to the
user...
I think that will fool TC's security into thinking the client is logged
on...
There is no real way that I know of for intercepting TC's security (for good
reasons) other than valves, and its actually easier to just do your own
thing if you go that way... I think
Its interesting stuff...
Have fun...
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: automatic login
Posted by Thomas Haines <th...@recallmedia.com.au>.
Hi Chris
Thanks. This looks like 'just the ticket' - I'll take a look.
Tom
On 27/08/2008, at 5:23 AM, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thomas,
>
> Thomas Haines wrote:
>> I'm trying to figure out a way to "automatically login" a user. It
>> arises when they have created an account, and I don't want to then
>> direct them back to a login page - rather, I want to, in this
>> instance,
>> just log them in.
>
> Tomcat's authentication neither directly nor indirectly support
> this. On
> the other hand, securityfilter (http://securityfilter.sourceforge.net)
> does indirectly support forced-logins (I use it myself in one of my
> apps
> in production). You just have to place a Principal object in the
> session
> under the right key.
>
> - -chris
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAki0dGkACgkQ9CaO5/Lv0PBSIgCgizdNmuCq811TK4I3JKwmKYaK
> 9oUAnjVyufsJ8dejX8eZKlalLYf99IrV
> =bOCf
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: automatic login
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas,
Thomas Haines wrote:
> I'm trying to figure out a way to "automatically login" a user. It
> arises when they have created an account, and I don't want to then
> direct them back to a login page - rather, I want to, in this instance,
> just log them in.
Tomcat's authentication neither directly nor indirectly support this. On
the other hand, securityfilter (http://securityfilter.sourceforge.net)
does indirectly support forced-logins (I use it myself in one of my apps
in production). You just have to place a Principal object in the session
under the right key.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAki0dGkACgkQ9CaO5/Lv0PBSIgCgizdNmuCq811TK4I3JKwmKYaK
9oUAnjVyufsJ8dejX8eZKlalLYf99IrV
=bOCf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org