users@glassfish.java.net

Re: Is it impossible to remember passwords

From: Gabe Wong <gabrielw_at_ngasi.com>
Date: Sun, 02 Dec 2007 00:52:33 -0800

Byron Nevins wrote:
> I have now officially given up. Glassfish has won this battle.
> I can not find any java/jsp/servlet way of sending in a
> username/password without user intervention for JDBC Realm
> authentication.
> I tried everything including changing the web-container source (e.g.
> if there is no password parameter -- look for a password attribute
> instead). Usually j_security_check just gives a 404 error.
>
> Any help would be appreciated. It is super-common on the Internet to
> have "remember me" checkboxes. It should not be so staggeringly
> difficult to do this in GF.
>
>
You have a valid point regarding the need for "remember me" options
however that should be a matter of consideration for the Servlet
specification first.
Until then you cannot expect GF or any other Servlet container to have
such a feature. It would need to be implemented at the application level.
A possible solution would be to send a Cookie with some sort of token to
the user browser. The cookie with the token, could be used
to redirect the user to protected resources. The token may have a key to
a hash of the user's login credential information; this information may
be included as
parameters when redirecting to the protected resources.



-- 
Regards
Gabe Wong
NGASI AppServer Manager
Application server installation and configuration AUTOMATION
http://www.ngasi.com