you'll find the answer why i need it in my first post :-)
In my webapp there is are some admin-functions. Here you can enter new data
or manipulate and delete them. For that i used the REST and also the WebDAV
protocol in my submissions. But as you know, therefor i need the
informations for "xxforms:username" and "xxforms:password" or the same in
the "datasource.xml" file when i use a XPL. Right?
The answer to your question on the security-filter should be the following.
The filter is configured in the web.xml. there i can define a sublink i.e.
(server)/myapp/admin/ as a secure section. /myapp is my normal webapp, but
all admin functions are linked to /myapp/admin. When i try access a subpage
i'm redirected to an login-page with a html-form, i enter my data and submit
them. The filter uses the exist-realm the validate the userdata against the
database usermanagement - i would say, just the same way the
tomcat-authentication would work. And then a session is created and i can
access the my admin-funktions.
But when i try to create, alter or delete data with REST or WebDAV i need
username AND password, right?
Or is there any other way than to save those data in the beginning and don't
have to use them later?
Ar the moment i use those submissions with an hardcoded admin-account, but
at least i want to use the data of the currently logged-in user.
Any idea how to solve that problem?
----- Original Message -----
From: "Erik Bruchez" <ebruchez@orbe...>
Sent: Tuesday, August 07, 2007 6:04 PM
Subject: Re: [ops-users] How to get username and Password out of the
> That seems to be depending on the way that security filter works. What I
> know is that as a matter of general practice, it is usually not possible
> for an application to have an access to the user's password. That would
> open the door to too many security issues. Rather, security realms deal
> themselves with passwords and just tell the application whether the user
> is authenticated or not. Sometimes passwords are even encrypted early in
> the process so that they don't circulate in clear.
> Why do you need the password?