
o : ops-users@objectweb.org 8 August 2007 • 12:58AM -0400

Re: [ops-users] How to get username and Password out of the security-request!?
by Marcus





Hi Erik,
you'll find the answer to why I need it in my first post :-)

In my webapp there are some admin functions. Here you can enter new data
or manipulate and delete them. For that I used the REST and also the WebDAV
protocol in my submissions. But as you know, for that I need the
information for "xxforms:username" and "xxforms:password" or the same in
the "datasource.xml" file when I use an XPL. Right?

The answer to your question on the security filter should be the following.
The filter is configured in the web.xml. There I can define a sublink, i.e.
(server)/myapp/admin/, as a secure section. /myapp is my normal webapp, but
all admin functions are linked to /myapp/admin. When I try to access a subpage
I'm redirected to a login page with an HTML form, I enter my data and submit
them. The filter uses the exist-realm to validate the user data against the
database user management - I would say, just the same way the
Tomcat authentication would work. And then a session is created and I can
access my admin functions.
But when I try to create, alter or delete data with REST or WebDAV I need
username AND password, right?

Or is there any other way than to save those data in the beginning and don't
have to use them later?
At the moment I use those submissions with a hardcoded admin account, but
at least I want to use the data of the currently logged-in user.

Any idea how to solve that problem?
Thanks, Marcus


----- Original Message -----
From: "Erik Bruchez" <ebruchez@orbe...>
To: <ops-users@obje...>
Sent: Tuesday, August 07, 2007 6:04 PM
Subject: Re: [ops-users] How to get username and Password out of the
security-request!?


> Marcus,
>
> That seems to depend on the way that security filter works. What I
> know is that as a matter of general practice, it is usually not possible
> for an application to have access to the user's password. That would
> open the door to too many security issues. Rather, security realms deal
> themselves with passwords and just tell the application whether the user
> is authenticated or not. Sometimes passwords are even encrypted early in
> the process so that they don't circulate in clear.
>
> Why do you need the password?
>
> -Erik
>


