Re: Auto login using a cookie
I think you'd need to use a valve instead of a filter. The filters are invoked after any security check is done (i believe). As a starting reference, look at the SingleSignOn valve. -Tim Joël Wijngaarde [Us Media] wrote: Hi, I was wondering if there is a standard way of creating automatic login functionality in tomcat. What I mean is that a user can set a tik a box saying 'Automatically Log me in the next time I visit'. This is a common functionality on low security sites and improves user experience a lot. We now use the JDBC Realm for authentication of the users. Of course we can 9implement our own security filter checking for the necessary credentials, but it would be great if we could use the web.xml file to define the security constraints. Any suggestions or references? Regards, Joel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Auto login using a cookie
Hi Tim, Thanks for the reply. I will take a lok at your suggestion, however using a valve would make the login structure Tomcat specific. Most Servlet-Containers supply someway of doing the authentication through LDAP / JDBC / FILE... and thus using this scheme is quite safe. But is there als a 'standard' way of using an auto login feature without breaking the Container independence. - Joel On Tue, 2003-06-03 at 13:38, Tim Funk wrote: > I think you'd need to use a valve instead of a filter. The filters are > invoked after any security check is done (i believe). > > As a starting reference, look at the SingleSignOn valve. > > -Tim > > Joël Wijngaarde [Us Media] wrote: > > Hi, > > > > I was wondering if there is a standard way of creating automatic login > > functionality in tomcat. > > > > What I mean is that a user can set a tik a box saying 'Automatically Log > > me in the next time I visit'. This is a common functionality on low > > security sites and improves user experience a lot. > > > > We now use the JDBC Realm for authentication of the users. Of course we > > can 9implement our own security filter checking for the necessary > > credentials, but it would be great if we could use the web.xml file to > > define the security constraints. > > > > Any suggestions or references? > > > > > > Regards, > > > > > > Joel > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Us Media Stadhouderskade 115 1073 AX Amsterdam t: +31 20 428 6868 f: +31 20 470 6905 w: http://www.usmedia.nl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Auto login using a cookie
Since you are Using JDBCRealm, you are already somewhat tomcat dependent. Even though switching realms is very easy. But the code to do the auto login needs to occur BEFORE the JDBCRealm code is excuted. That is the problem. Thats the bad news, you tomcat specific code should be easy to port to other containers if they provide that functionality. -Tim Joël Wijngaarde [Us Media] wrote: Hi Tim, Thanks for the reply. I will take a lok at your suggestion, however using a valve would make the login structure Tomcat specific. Most Servlet-Containers supply someway of doing the authentication through LDAP / JDBC / FILE... and thus using this scheme is quite safe. But is there als a 'standard' way of using an auto login feature without breaking the Container independence. - Joel On Tue, 2003-06-03 at 13:38, Tim Funk wrote: I think you'd need to use a valve instead of a filter. The filters are invoked after any security check is done (i believe). As a starting reference, look at the SingleSignOn valve. -Tim Joël Wijngaarde [Us Media] wrote: Hi, I was wondering if there is a standard way of creating automatic login functionality in tomcat. What I mean is that a user can set a tik a box saying 'Automatically Log me in the next time I visit'. This is a common functionality on low security sites and improves user experience a lot. We now use the JDBC Realm for authentication of the users. Of course we can 9implement our own security filter checking for the necessary credentials, but it would be great if we could use the web.xml file to define the security constraints. Any suggestions or references? Regards, Joel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Auto login using a cookie
I have a way that's been working for me - see it at: http://raibledesigns.com/training/index.jsp?topic=rememberMe HTH, Matt -Original Message- From: Joël "Wijngaarde [Us Media] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 6:14 AM To: Tomcat Users List Subject: Re: Auto login using a cookie Hi Tim, Thanks for the reply. I will take a lok at your suggestion, however using a valve would make the login structure Tomcat specific. Most Servlet-Containers supply someway of doing the authentication through LDAP / JDBC / FILE... and thus using this scheme is quite safe. But is there als a 'standard' way of using an auto login feature without breaking the Container independence. - Joel On Tue, 2003-06-03 at 13:38, Tim Funk wrote: > I think you'd need to use a valve instead of a filter. The filters are > invoked after any security check is done (i believe). > > As a starting reference, look at the SingleSignOn valve. > > -Tim > > Joël Wijngaarde [Us Media] wrote: > > Hi, > > > > I was wondering if there is a standard way of creating automatic login > > functionality in tomcat. > > > > What I mean is that a user can set a tik a box saying 'Automatically Log > > me in the next time I visit'. This is a common functionality on low > > security sites and improves user experience a lot. > > > > We now use the JDBC Realm for authentication of the users. Of course we > > can 9implement our own security filter checking for the necessary > > credentials, but it would be great if we could use the web.xml file to > > define the security constraints. > > > > Any suggestions or references? > > > > > > Regards, > > > > > > Joel > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Us Media Stadhouderskade 115 1073 AX Amsterdam t: +31 20 428 6868 f: +31 20 470 6905 w: http://www.usmedia.nl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Auto login using a cookie
This more or less works for TC 3.x (where j_security_check is a [psuedo-]Servlet). It won't work for TC 4.x and higher (basically the same as the recuring topic: "My users are bookmarking the login page"). As Tim mentioned, Filters are called after Container-Managed authentication is checked. Of course, there is nothing stopping you from implementing a Filter-Managed security scheme (where your Filter(s) do all the work of Tomcat's Authenticators and Realms). "Raible, Matt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I have a way that's been working for me - see it at: http://raibledesigns.com/training/index.jsp?topic=rememberMe HTH, Matt -Original Message- From: Joël "Wijngaarde [Us Media] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 6:14 AM To: Tomcat Users List Subject: Re: Auto login using a cookie Hi Tim, Thanks for the reply. I will take a lok at your suggestion, however using a valve would make the login structure Tomcat specific. Most Servlet-Containers supply someway of doing the authentication through LDAP / JDBC / FILE... and thus using this scheme is quite safe. But is there als a 'standard' way of using an auto login feature without breaking the Container independence. - Joel On Tue, 2003-06-03 at 13:38, Tim Funk wrote: > I think you'd need to use a valve instead of a filter. The filters are > invoked after any security check is done (i believe). > > As a starting reference, look at the SingleSignOn valve. > > -Tim > > Joël Wijngaarde [Us Media] wrote: > > Hi, > > > > I was wondering if there is a standard way of creating automatic login > > functionality in tomcat. > > > > What I mean is that a user can set a tik a box saying 'Automatically Log > > me in the next time I visit'. This is a common functionality on low > > security sites and improves user experience a lot. > > > > We now use the JDBC Realm for authentication of the users. Of course we > > can 9implement our own security filter checking for the necessary > > credentials, but it would be great if we could use the web.xml file to > > define the security constraints. > > > > Any suggestions or references? > > > > > > Regards, > > > > > > Joel > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Us Media Stadhouderskade 115 1073 AX Amsterdam t: +31 20 428 6868 f: +31 20 470 6905 w: http://www.usmedia.nl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
