• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Tim Cooke
  • Devaka Cooray
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
Bartenders:
  • Carey Brown
  • Roland Mueller

How to call 3rd party api for User Authentication in a generic way

 
Ranch Hand
Posts: 2379
MySQL Database Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Pals,
I can use basic authentication to check if a user is one of the roles that allow him to access my resources. Now here, the username and password added in a container specific file (tomcat-users.xml for Tomcat), right? What about if I want the basic authentication to happen but the same username/password check to occur through a servlet - say the servlet calls jdbc to look for the name/password correctness or even it may call a 3rd party api like authenticateUser(name, password) etc? Is the solution in using Tomcat's Realm? But that's again Tomcat specific, my solution may ultimately have to be deployed in JBoss with Jetty though during developemt I am using Tomcat and Resin.
The problem now is that fro my servlet I can get the user using getRemoteUser(), but request.getRemoteUser() or request.getUserPrincipal() can't give me the password. If I could get the password, then after taking the username, password from user I would forward them to my servlet and I could call the 3rd party from servlet.
If its not feasible with basic authentication, in that case I have no choice other than tomcat's realm, then is it feasible using digest or form-based authentication? How? :roll:
--- Ashik
[ January 20, 2004: Message edited by: Ashik uzzaman ]
[ January 20, 2004: Message edited by: Ashik uzzaman ]
 
author and deputy
Posts: 3150
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
May sound stupid but
  • how abt storing them in an XML file or .properties under web-inf/db directory
  • or using tiny db's like hsqldb under web-inf/db directory ?

  • The above two choice is not application server specific and you can ship anywhere.
     
    Ashik Uzzaman
    Ranch Hand
    Posts: 2379
    MySQL Database Spring Java
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Balaji,
    Thanks for the response. I considered both the approaches earlier and had to leave those. The problem is I am writing a webapp that will be deployed in an existing system where the authenticateUser(name, password) method is already written. I have to call that from my servlet only by accepting the name, password from the client but in the same time use the native login dialog box so that if an webdav client (say through web folders of windows xp) also tries to access, he gets the same authentication dialogue box to input username/password.
    --- Ashik
     
    Balaji Loganathan
    author and deputy
    Posts: 3150
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Ashik,
    Will this article help you http://www.fawcette.com/javapro/2002_06/magazine/features/bkurniawan/Default.aspx , sorry can't ponder much on this.
     
    Or we might never have existed at all. Freaky. So we should cherish everything. Even this tiny ad:
    We need your help - Coderanch server fundraiser
    https://coderanch.com/wiki/782867/Coderanch-server-fundraiser
    reply
      Bookmark Topic Watch Topic
    • New Topic