We are using a Java servlet to inteface with our Tamino Database.
Now we want to use securityand did set up users, groups and ACL’s and authentication=“Tamino”.
How can we check a userid and password against the tamino database, to see if the pair is matched with the values set in Tamino.
I figure we may need to encrypt the password and check it against the encrypted password that is stored in the ino:security collection.
How can we do this in Java?
The connection to the database is created with the unencrypted password:
// Establish the connection to Tamino
TConnection connection = TConnectionFactory.getInstance().newConnection( DATABASE_URL, USER, PASSWORD );
If the combination of user/password has insufficient privileges (e.g. because it is unknown), you will get an exception.
Thanks Julius for your response,
We did try this already, but it doesn’t work in our setup.
A short technical description:
You need an accessor after this getInstance().newConnection to check it against a collection. Now if you do this on the collection ino:security and the password validation fails, then the request is handled by the java.net.Authenticator. (We use the authenticator for gaining access with an elevated privilege) .
In that case the Tamino API apparently falls back by triing authentication on port 80, which, succeeds while it should not.
So we need another way. Can we encrypt the password ourselves to check it against the stored password?