----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Jane,
I played with something similar to this for a few days.
Essentially I was trying to get the standard authentication
system I wrote for my servlets to also (when the user logs in)
authenticate the user for standard htdocs files. I hit
my head off a brick wall for a few days, couldn't find a way
and later decided with others that it couldn't be done. I can't
remember the exact details but I might be able to dig them up. I'll
be intrigued if someone has a solution mind you. I could still
do with it :)
Dave Molloy
PS: Possible solution:
- In your Jserv configuration make all .html handled by a servlet which
either feeds out the page or refuses if authentication fails. This
would certainly work but may put a huge load on your site if your site
has large quantities of static html.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jane Trois
Sent: Wednesday, September 20, 2000 3:18 PM
To: [EMAIL PROTECTED]
Subject: sharing authorization headers
----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
I have a servlet running with JServ 1.0 on Apache
1.3.12, running on Linux (Redhat 6.0)
I've added some user authentication to the servlet so
that certain HTML forms, which are for admins, are
generated by the servlet and are password protected.
So for example, if a user wanted to see one of these
forms, the servlet first checks if there is an
Authorization header and then based on that either
forces the browser to prompt for a username/password
(dialog box) or goes ahead and displays the form. I
have my own mechanism for authenticating users in the
servlet.
There some links to images within these HTML forms
which are served through Apache (not the servlet), and
are protected using Apache security... but using the
same usernames and passwords as for the HTML forms.
The idea is to have it appear like (at least to the
end user) both the servlet and Apache are using the
same usernames and passwords with a single login. The
problem is, it looks like the Authorization header
does not get passed in with the Apache GET requests.
So after the user logs in through my servlet, s/he
will have to log in again for the first file GET on
Apache, which everyone around me seems to agree is
really ugly user-interface-wise!
Is there anyway to avoid this? Can I somehow share
Authorization headers between Apache and my servlet,
or at least let Apache be able to see all
Authorization headers from my servlet (even visa versa
would be helpful)? Ideas for workarounds would be
helpful.
Thanks!
Jane
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search Archives:
<http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search Archives:
<http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
