[Opensource] User authentication
Mike Traum
mtraum at cirnetwork.org
Wed Jun 12 09:33:44 PDT 2002
So you're using realm authentication and have hooked Expresso into it. Nice! I
was thinking about doing the same, but was fearful of the number of custom
modifications (which are always an issue when a new Expresso version comes
out that you want to implement) that were necessary.
You have to modify CheckLogin and UserInfo (?). How about at least a teaser
and give up a list of modified classes so I don't have to do so much
legwork?
BTW, I consider this a must-have option for expresso. I know you we don't
want reliance on servlets, but it seems to me that it is sooooo much easier
to integrate (at least as far as authentication goes) expresso with separate
webapps using server based authentication.
Thanks,
Mike
-----Original Message-----
From: opensource-admin at jcorporate.com
[mailto:opensource-admin at jcorporate.com]On Behalf Of Bjorn Granvik
Sent: Wednesday, June 12, 2002 3:53 AM
To: opensource at jcorporate.com
Subject: RE: [Opensource] User authentication
> Can we have a look at the code?
First off, when writing this we're not quite sure what the future is for our
piece of code.
We will have to get back to those interested later on.
Let's see if I can describe this better.
1. User enters url to protected page
In the website's web.xml we've set up the declarative security, i.e. which
roles access what.
Note, we're using standard J2EE user and roles to set this up (not JAAS,
which encompasses more).
2. Tomcat shows login
Tomcat shows our login page (form based authentication) since we're trying
to access a protected resource.
User enters username and password.
3. Authentication and authorization
We've set up Tomcat to use LDAP realm (this is done in the config/server.xml
file).
Tomcat contacts the LDAP server and finds the user and checks password and
retrieves roles for this user.
4. Tomcat clear, on to Expresso page
Tomcat has now cleared our access to the protected resource. If it's a plain
file (html, doc, etc), i.e. not Expresso based, we're home free.
If it's an Expresso page, say frame.jsp, we now enter the Expresso
structure.
It ends in a call to CheckLogin.java. We know we're logged in and we have
the username.
Contact the LDAP-server and get the Expresso user id - expUID. Now we have
all the info needed to authenticate the user Expresso-way (currentLogin on
session variables).
One final trick is still left to do when supporting the example above,
putting both user (with expUid) _and_ groups from Expresso to the
LDAP-server. This is done by tweaking some of the files in the Expresso
framework.
I hope I've answered your question,
Bjorn