Win a copy of Head First Android this week in the Android forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

How to call 3rd party api for User Authentication in a generic way

 
Ranch Hand
Posts: 2378
MySQL Database Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Pals,
I can use basic authentication to check if a user is one of the roles that allow him to access my resources. Now here, the username and password added in a container specific file (tomcat-users.xml for Tomcat), right? What about if I want the basic authentication to happen but the same username/password check to occur through a servlet - say the servlet calls jdbc to look for the name/password correctness or even it may call a 3rd party api like authenticateUser(name, password) etc? Is the solution in using Tomcat's Realm? But that's again Tomcat specific, my solution may ultimately have to be deployed in JBoss with Jetty though during developemt I am using Tomcat and Resin.
The problem now is that fro my servlet I can get the user using getRemoteUser(), but request.getRemoteUser() or request.getUserPrincipal() can't give me the password. If I could get the password, then after taking the username, password from user I would forward them to my servlet and I could call the 3rd party from servlet.
If its not feasible with basic authentication, in that case I have no choice other than tomcat's realm, then is it feasible using digest or form-based authentication? How? :roll:
--- Ashik
[ January 20, 2004: Message edited by: Ashik uzzaman ]
[ January 20, 2004: Message edited by: Ashik uzzaman ]
 
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
May sound stupid but
  • how abt storing them in an XML file or .properties under web-inf/db directory
  • or using tiny db's like hsqldb under web-inf/db directory ?

  • The above two choice is not application server specific and you can ship anywhere.
     
    Ashik Uzzaman
    Ranch Hand
    Posts: 2378
    MySQL Database Spring Java
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Balaji,
    Thanks for the response. I considered both the approaches earlier and had to leave those. The problem is I am writing a webapp that will be deployed in an existing system where the authenticateUser(name, password) method is already written. I have to call that from my servlet only by accepting the name, password from the client but in the same time use the native login dialog box so that if an webdav client (say through web folders of windows xp) also tries to access, he gets the same authentication dialogue box to input username/password.
    --- Ashik
     
    Balaji Loganathan
    author and deputy
    Posts: 3150
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Ashik,
    Will this article help you http://www.fawcette.com/javapro/2002_06/magazine/features/bkurniawan/Default.aspx , sorry can't ponder much on this.
     
    Consider Paul's rocket mass heater.
    reply
      Bookmark Topic Watch Topic
    • New Topic