[Opensource] external authentication?
larry hamel
expresso at codeguild.com
Thu Mar 20 13:12:10 PST 2003
hi,
One of our projects has a "legacy" authentication system, a digest key retained by a stand-alone client and transmitted via http to the server with each call.
This "external" authentication system is different than the one used by expresso, so to integrate the two, I extracted a new method in LoginController.java to expose where the login information is saved to the persistent session. The new method is called LoginController.setPersistentLoginAttributes(), and to use it, I employed and override on Controller.perform () in the following way:
/**
* overriding in order to use different authentication
*/
public ActionForward perform(ActionMapping actionMapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response
) throws IOException, ServletException {
String id = request.getParameter(Get.AUTH);
if ( Get.isValidKey(id)) {
// set a CurrentLogin item in session
// so that expresso will honor our authentication
AuthInfo info = Get.getInfo(id);
PersistentSession session = new HTTPPersistentSession(request, response);
String dbContext = StringUtil.notNull(request.getParameter("dbContext"));
if (dbContext.length() == 0) {
dbContext = DBConnection.DEFAULT_DB_CONTEXT_NAME;
}
try {
LoginController.setPersistentLoginAttributes(
session, request, info.getLoginName(), "", info.getUid(), dbContext);
} catch (ControllerException e) {
throw new ServletException(e);
}
}
return super.perform(actionMapping, form, request, response);
}
In the sample, Get.xxx refers to the external authentication system.
Is there a better way to integrate an external authentication system?
thanks,
larry
More information about the Opensource
mailing list