Hello !

I'm trying to build an application that will have to get its data from a set of servlets. Those servlets are using an HTTP BASIC authentication and live as another application on the same Tomcat server.

I've had a look at the chapter 37 (persistent connection), but as I understood, it doesnt apply to my problem.

What I would like would be a dataset with a src like this one :

<dataset name="dset" autorequest="true" src="http://admin:adminpassword@localhost:8080/anotherApp/SomeServlet"/>

but it doesnt work. I guess laszlo doesnt understand "user:password@" URL ... (prove me wrong).

Is there any work around, or another design pattern to access protected resources ?

Thanks for the help ...

Gehel

Finally I found a way to do it ... It's much simpler than what I thought. I'll exlain here how I did it. Be carefull, I dont understand everything about Laszlo, so some of my assumptions might be wrong.

I didnt understand that the Laszlo server is used as a proxy to the external HTTP datasets. It makes things much easier as long as you want to authenticate the access to the laszlo application itself.

I added an aunthentication scheme to the Laszlo application using the standard Tomcat mechanism of adding a <security-constraint> node in the laszlo web.xml and adding a custom Real as described in http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html

I use the same realm to protect my servlets and enabled SingleSignOn as described in http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/valve.html

Now the authentication is propagated, I dont need to do anything more. Great !

Of course, the problem will arise again if I have to access data on another server. I will need to find a way to propagate credentials ...

Thank you for your attention !

hi dear
i am working on a financial application. Their may be 100's of user connected at the time . while using
the laszlo can you give me some idea if possible in detail how my servlet know from which the request has come offcourse i cant send password at every request for different data which i want i will be thank ful to u

faisal

Well, I'm not sure I understood completely your post, but :

If you use the J2EE authentication framework as explained above (or in any good servlet book), you can just call

request.isUserInRole("myRole");

to check against a specific role, or

getUserPrincipal();

to get the user's principal (obviously).

I'm not sure it answers the question, let me know ...

Gehel

hi dear
just look i try to explain it.
just suppose i have shopping site i have entered through it my login. Now if i want to get the information about my past transactions i will send the request for like last weeek transaction. But How
will the server know which member has sent the request for past transactions. Like at that time hundreds of the users will be requesting for their past transactions?. And as far as my job is concerned i am more interested in details about laszlo as i am managing GUI of my application . At back end another person is dealing servlet

faisal

faisal

Ok, then you should probably not care about it. The buisness tiers (the servlet) will handle that automagically from your point of view. If the servlet developper is not too bad, he will give you a servlet that when called will send you the past transactions for the currently logged user.

How does it work ? It is actually more a container (Tomcat) issue than Laszlo.

First the user has to be authenticated (see my second post or any good book on J2EE). Usually, the user is prompted for a username/password. After that, the authentication (username or ID) is associated to that "connection" via session management, or cookies, or whatever ...

As the authentication is handled by the container, you should not need to care about it in Laszlo. That's the role of the servlet.

I hope it clarifies a bit ...

Gehel