Auto login using a cookie

2003-06-03 Thread Wijngaarde [Us Media]
Hi,

I was wondering if there is a standard way of creating automatic login 
functionality in tomcat.

What I mean is that a user can set a tik a box saying 'Automatically Log
me in the next time I visit'. This is a common functionality on low
security sites and improves user experience a lot.

We now use the JDBC Realm for authentication of the users. Of course we
can 9implement our own security filter checking for the necessary
credentials,  but it would be great if we could use the web.xml file to
define the security constraints.

Any suggestions or references?


Regards,


Joel



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Auto login using a cookie

2003-06-03 Thread Wijngaarde [Us Media]
Hi Tim,

Thanks for the reply. I will take a lok at your suggestion, however
using a valve would make the login structure Tomcat specific. Most
Servlet-Containers supply someway of doing the authentication through
LDAP / JDBC / FILE... and thus using this scheme is quite safe.

But is there als a 'standard' way of using an auto login feature without
breaking the Container independence.

- Joel

On Tue, 2003-06-03 at 13:38, Tim Funk wrote:
 I think you'd need to use a valve instead of a filter. The filters are 
 invoked after any security check is done (i believe).
 
 As a starting reference, look at the SingleSignOn valve.
 
 -Tim
 
 Joël Wijngaarde [Us Media] wrote:
  Hi,
  
  I was wondering if there is a standard way of creating automatic login 
  functionality in tomcat.
  
  What I mean is that a user can set a tik a box saying 'Automatically Log
  me in the next time I visit'. This is a common functionality on low
  security sites and improves user experience a lot.
  
  We now use the JDBC Realm for authentication of the users. Of course we
  can 9implement our own security filter checking for the necessary
  credentials,  but it would be great if we could use the web.xml file to
  define the security constraints.
  
  Any suggestions or references?
  
  
  Regards,
  
  
  Joel
  
  
  
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  
  
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
-- 
Us Media
Stadhouderskade 115
1073 AX Amsterdam

t: +31 20 428 6868
f: +31 20 470 6905
w: http://www.usmedia.nl


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How Directly Run Servlet W/O Redirect From Index.html?

2003-06-03 Thread Wijngaarde [Us Media]
Can't you use a RewriteRule (see
http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html) from within
apache to rewrite the default URL to an URL pointing at your servlet.

Or maybe even a configure a filter in your web.xml doing the redirect?

- Joel

On Tue, 2003-06-03 at 14:08, Tim Funk wrote:
 Then your out of luck.
 
 -Tim
 
 Peter Alvin wrote:
  Thank you.  I tried DirectoryIndex but it looks like that looks for a 
  file on the filesystem and all my webpages are all served from the 
  servlet.
   
  Pietro da Alvin
  719-210-3858
   
  Chi cerca trova (Who searches, finds)
  Italian Proverb
  
  
  On Tue, 03 Jun 2003 07:17:23 -0400, Tim Funk wrote:
  
 add index.jsp as a default file to apache config
 
 DirectoryIndex index.jsp index.html more_cowbell.html
 
 -Tim
 
 Peter Alvin wrote:
 
 When someone types:
 
 www.site.com
 
 Apache serves index.html which I added an an immediate redirect to
 load the real site's homepage which is a Java servlet.
 
 Does anyone know how to configure Apache, DNS, or MOD_SSL to go
 directly to the servlet for the home page?
 
 - Apache 1.3.27 - mod_ssl-2.8.12-1.3.27 - openssl-0.9.7a
 
 Pietro da Alvin
 
 
 
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: tomcat-user-
 [EMAIL PROTECTED]
 
 
 
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
  
  
  
  
  
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  
  
  
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
-- 
Us Media
Stadhouderskade 115
1073 AX Amsterdam

t: +31 20 428 6868
f: +31 20 470 6905
w: http://www.usmedia.nl


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]