Posted by healeyb
on October 25, 2010 at 3:30 PM PDT
I've got container security working with a jdbc realm using hashed passwords.
What I want to do is have a preRenderView on my login page which, if it detects
an appropriate cookie will auto-login the user. Not everyone thinks this is a good
idea, but, let's face it lots of sites implement "remember me".
There's a login(username, password) function on HttpServletRequest which does
what I want, the problem being that it takes plain text passwords. Exactly what
I don't want to do is store the plain text password in the cookie.
I thought it would be best to take a username from the cookie, check the ip
address of the http request against a stored value, then perhaps retrieve the
hashed password from the database for the user record and call a login function
that can use hashed passwords (or just not do this last step).
Does anyone know how to do this? I saw one post regarding a custom login
module but know nothing more than that.