Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

User Authentification with servlet

 
heiner weilandt
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
i want to authentificate users by a servlet. i have an html-login and the user/password as a parameter.
i know i can authentificate the user with http-request and headers, but i have to authentificate the user in this servlet.
how can i do this, that the "request.getRemoteUser()" is not null, but my registred user ?
is it possible to copy a sample-code ?
thanks for help
heiner
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Authentication is covered fairly often in the Servlets forum, so I recommend a search first. You'll find threads like this one:
http://www.coderanch.com/t/355825/Servlets/java/Authentication-getRemoteUser
As I understand it, the difference is that you want the user to pass the credentials (ie username password) to a servlet and have the servlet log them into the servlet container's authentication method without using the usual mechanism.
Application servers usually supply a separate way to achieve this, but it different in each server and I'm not aware of any way to do it in Tomcat. I had a quick look a while ago but got nowhere.
From memory the class to use in WebSphere is SSOAuthenticator, no idea which package or jar it lives in, I'd have to go search.
Hope this helps.
Dave
 
heiner weilandt
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for reply.
i'm using websphere 4 and i cannot find any class with "SSOAuthenticator". is it the same as "Authenticator" from the jdk ?

one separat question to workaround:
can i initiate the pop-up-authentification of the browser with an error code replying from the servlet or something else ?
thanks for help
heiner
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Check this:
com.ibm.websphere.security.SSOAuthenticator
If you want to use the 'pop-up' authentication, you need to configure BASIC authentication. To set up a custom error page for failed authenication, you need to create an error page for the HTTP error codes 403 (unauthorised) or... um... is it 409? I can't remember
Does that help?
Dave
 
heiner weilandt
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes, i found that class ! thanks. i'm trying.....
but:
i don't want to response an error, i want to response an code or something, that the browser comes up with the pop-up of a login-mask. is it possible to do this by an servlet, that is reachable by public users ?
 
heiner weilandt
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i'm trying this:

and this exception apears in line 2:
java.lang.NullPointerException

whats wrong ?
LTPA and SSO are enabled.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's pretty much the same code I have.
The next big question is what version of WebSphere you are running.
We're probably getting to the point where we need to have this dicussion in the IBM/Websphere forum so that we can get some specific help.
I'll see about getting the thread moved there.
Dave
 
Michael Ernest
High Plains Drifter
Sheriff
Posts: 7292
Netbeans IDE VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
On its way, DO'M
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic