Pals,
I can use basic authentication to check if a user is one of the roles that allow him to access my resources. Now here, the username and password added in a container specific file (tomcat-users.xml for
Tomcat), right? What about if I want the basic authentication to happen but the same username/password check to occur through a
servlet - say the servlet calls
jdbc to look for the name/password correctness or even it may call a 3rd party api like authenticateUser(name, password) etc? Is the solution in using Tomcat's Realm? But that's again Tomcat specific, my solution may ultimately have to be deployed in
JBoss with Jetty though during developemt I am using Tomcat and Resin.
The problem now is that fro my servlet I can get the user using getRemoteUser(), but request.getRemoteUser() or request.getUserPrincipal() can't give me the password. If I could get the password, then after taking the username, password from user I would forward them to my servlet and I could call the 3rd party from servlet.
If its not feasible with basic authentication, in that case I have no choice other than tomcat's realm, then is it feasible using digest or form-based authentication? How? :roll:
--- Ashik
[ January 20, 2004: Message edited by: Ashik uzzaman ]
[ January 20, 2004: Message edited by: Ashik uzzaman ]