I have a web application deployed on Glassfish 3.0 which uses my custom web application realm to authenticate user based on username and password (using servlet 3.0 request.login()). I have written a custom login module which extends "AppservPasswordLoginModule" and does the authentication .The password is stored encrypted in db.
Now i have a scenario where i need to generate token based urls for users which they can use to login to the site (without any username or password ) . The token can be valid for certain time or valid for one time login .
How do i pass my token to my login module or How do i handle such login flow and authenticate a user based on token ?
Since no one answered .
I tried having server auth module , however it didn't work for passing information to realm . I ended up parsing the token in one of my servlet, retrieving the credentials over there and then passing those to my login module (and realm) . In my realm i did the validation against DB values to authenticate the user .