[prev in list] [next in list] [prev in thread] [next in thread] 

List:       jetspeed-user
Subject:    RE: User authentication
From:       Todd Kuebler <tkuebler () cisco ! com>
Date:       2003-10-30 19:18:53
[Download RAW message or body]


Another approach is to use servlet container (tomcat or whatever) managed 
auth to authenticate your user and provide a SessionValidator to manage 
logging in the user to jetspeed/turbine.  In this approach you disable the 
form based login actions altogether by removing them from the appropriate 
templates.

I think this is probably a better approach in many ways if you don't 
require the concept of a anonymous user.  You can use Digest Auth or 
whatever for much better security than form based login where your userid 
and password travel in plain text unless you are using ssl, and the 
authentication part can be managed by a commonly managed and administrated 
site wide infrastructure.

Hope that helps some. :)

%regards -tk


At 09:58 AM 10/29/2003 +0200, Youssef Mohammed wrote:
>The login action is a turbine action and u need not to define any
>portlet for login. All what you need to do is to write the client-side
>script that will get the userid ( throw your ActiveX or whateveer ) and
>then submit the this form
>
>         <form method="POST" >
>           <input name="action" type="hidden" value="JLoginUser">
>           <input value="" name="username" >
>           <input value="" name="password" >
>         </form>
>
>
>You can also make the username and password hidden
>
>
>-----Original Message-----
>From: Thavutam, Prashanth [mailto:1thavutp@toysrus.com]
>Sent: Tuesday, October 28, 2003 5:39 PM
>To: Jetspeed Users List
>Subject: User authentication
>
>
>We are currently using an Active X control to get the user Id from
>Windows,
>which is used for authentication and for authorization also. No
>passwords
>are used. We want to implement the same with portal and found a variable
>topnav.user_login.enable in JetspeedResources.properties, I understood
>from
>the documentation, when it is set to false, logging will be done through
>login portlet, which I think I can implement it in my own way. I
>couldn't
>figure out if there is a portlet existing that I can use or if I need to
>write a new portlet, how do I configure it. Thanks for any help.
>
>Prashanth
>
>
>========================================================================
>
>This email message is for the sole use of the intended recipient (s) and
>may
>contain confidential and privileged information. Any unauthorized
>review,
>use, disclosure or distribution is prohibited. If you are not the
>intended
>recipient, please contact the sender by reply email and destroy all
>copies
>of the original message. To reply to our email administrator directly,
>send
>an email to EmailAdmin@toysrus.com.
>Toys "R" Us, Inc.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]