



Hi,

Excuse my Americanism, I don't know if your first name is Lim or
Hock-Chai.

While I don't disagree with Matt's response on downsides, I understand
the reasoning for a single set of credentials, and if it's a user
requirement, there you go.

If your app server versions support JSR-196, there's a project that allows you to use form based and other container managed security with any method(s) of authentication and authorization that you want:

http://code.google.com/p/authenticroast/

I used it in a situation where US employees were validated from Active
Directory, and employees of other subsidiaries used a different method to
validate credentials. Since most containers are set up for a single type of
authentication, it really looked like trouble, but was a user requirement.

AuthenticRoast worked out really well for me. The container notifies
your method, you do whatever to validate and send back the result, and
that's pretty much it. In your case, you can use JTOpen methods to validate
AS/400 credentials. You could also simulate what I did by first using your
"normal" method, then trying the AS/400 if the first way fails.

The downside, of course, is that you have to provide the code for actual
authentication. For me, that meant learning code to deal with Active
Directory, which was previously handled by the container; I only had to give
configuration info. Still, I would suggest looking into it, and the
developer responds to questions (at least for me.)

HTH,


Joe Sam

Joe Sam Shirah - http://www.conceptgo.com
conceptGO - Consulting/Development/Outsourcing
Java Filter Forum: http://www.ibm.com/developerworks/java/
Just the JDBC FAQs: http://www.jguru.com/faq/JDBC
Going International? http://www.jguru.com/faq/I18N
Que Java400? http://www.jguru.com/faq/Java400

----- Original Message ----- From: "Haas, Matt (CL Tech Sv)" <matt.haas@xxxxxxxxxxx>
To: <java400-l@xxxxxxxxxxxx>
Sent: Friday, June 11, 2010 1:16 PM
Subject: RE: Prompting for iseries user ID and password on a web application


The easiest way is to set up your HTTP server to use Basic Authentication
to password protect things. Once that is done, the user name that was
entered will be available in the remote user environment variable.

That said, it's generally not good to use user profiles for web sites
because you open the system up to hacking by providing credentials that
mean something to the base OS.

Also, there isn't a way to change passwords when they expire or reset
profiles when they get disabled from too many invalid login attempts which
will likely result in additional support calls.

Matt

----------------------------------------------------------------------

message: 1
date: Fri, 11 Jun 2010 10:12:00 -0500
from: "Lim Hock-Chai" <Lim.Hock-Chai@xxxxxxxxxxxxxxx>
subject: Prompting for iseries user ID and password on a web
application

There is a new business requirement where I have to make a modification to
one of our web-apps to now prompt for iseries user ID and password before
allowing the user to access the application. Does anyone know if there is
already a pre-built tool (in jt400?) that can already do that for me, or
do I have to pretty much create one?

Thanks
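
The fallback described in the reply above (try the "normal" method first, then validate against the AS/400 with JTOpen), written out as an added example that is not code from the thread or from AuthenticRoast. It assumes jt400.jar on the classpath and a reachable IBM i host; the class name `FallbackAuthenticator`, the `Result` values, the `primary` check and the host name passed in are hypothetical.

```java
import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400SecurityException;
import com.ibm.as400.access.SecureAS400;
import java.util.function.BiPredicate;

public class FallbackAuthenticator {
    public enum Result { OK, REJECTED, PASSWORD_EXPIRED, PROFILE_DISABLED, UNAVAILABLE }

    private final BiPredicate<String, String> primary; // hypothetical "normal" check
    private final String ibmiHost;                      // hypothetical host name

    public FallbackAuthenticator(BiPredicate<String, String> primary, String ibmiHost) {
        this.primary = primary;
        this.ibmiHost = ibmiHost;
    }

    // Try the primary store first; only on failure ask the IBM i.
    public Result authenticate(String user, String password) {
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return Result.REJECTED; // never send blank credentials to either back end
        }
        if (primary.test(user, password)) return Result.OK;
        return validateOnIbmI(user, password);
    }

    private Result validateOnIbmI(String user, String password) {
        AS400 system = new SecureAS400(ibmiHost); // TLS, so the password is not sent in clear
        try {
            system.setGuiAvailable(false);        // server side: never pop up a sign-on dialog
            return system.validateSignon(user, password) ? Result.OK : Result.REJECTED;
        } catch (AS400SecurityException e) {
            switch (e.getReturnCode()) {
                case AS400SecurityException.PASSWORD_EXPIRED:
                    return Result.PASSWORD_EXPIRED;   // caller can route to a change-password page
                case AS400SecurityException.USERID_DISABLE:
                case AS400SecurityException.PASSWORD_INCORRECT_USERID_DISABLE:
                    return Result.PROFILE_DISABLED;   // caller can show a "contact support" message
                default:
                    return Result.REJECTED;           // unknown user, wrong password, etc.
            }
        } catch (Exception e) {                       // IOException, PropertyVetoException
            return Result.UNAVAILABLE;                // fail closed if the host cannot be reached
        } finally {
            system.disconnectAllServices();
        }
    }
}
```

The separate `PASSWORD_EXPIRED` and `PROFILE_DISABLED` results let the web application tell users what happened instead of showing a generic login failure, which addresses the expired-password and disabled-profile support calls raised in the quoted message.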
