RE: Basic authentication password caching

2001-12-17 Thread Ignacio J. Ortega

 De: EDV Systembetrieb [mailto:[EMAIL PROTECTED]]
 Enviado el: lunes 17 de diciembre de 2001 14:33

 My problem is, that there seems to be a permanent connection 
 between the browser and the servlet or the logininformation a 
 cached by the browser until the browser is restartet
 

THis question has beat the list, so many times before, the short answer
is no, at least with BASIC auth.., you cannot make the browser disregard
a previously done auth, wihtout closing it..

And this is a behavior of all browsers, the solution is to use FORM
instead of BASIC, and simply invalidate the session, if you try this
with basic, next the browser  request a protected page, it simply sends
the cached auth previously done..

Saludos ,
Ignacio J. Ortega


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




RE: Basic authentication password caching

2001-12-17 Thread Larry Isaacs



 -Original Message-
 From: EDV Systembetrieb [mailto:[EMAIL PROTECTED]]
 Sent: Monday, December 17, 2001 8:33 AM
 To: [EMAIL PROTECTED]
 Subject: Basic authentication  password caching
 
 
 Hi everybody,
 I setup Tomcat 3.3 with JDBCRealm and a mysql-database using  
 basic authenticattion. We use a servlet for fileuploading to 
 our server.
 Before sending the files, the user is prompted for loginname 
 and password.
 
 My problem is, that there seems to be a permanent connection 
 between the browser and the servlet or the logininformation a 
 cached by the browser until the browser is restartet
 
 But I'd like to force the user to enter his ID and password 
 each time he sends files, no matter if he restarts his browser or not.
 
 Any hints??
 
 Besides another question:
 Is there any documentation about parameters usable in web.xml 
 and apps-XXX.xml and what they mean. This would be very helpfull.

The web.xml is docummented by the Servlet spec (version 2.2 for
Tomcat 3.3).  It may be obtained here:

http://java.sun.com/products/servlet/download.html

The apps-XXX.xml is documented in the User Guide under the
Adding and Customizing Contexts section.  The online version
may be found at:

http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ug.html#context_addcust

Cheers,
Larry

 
 Thanks Sabine
 
 
 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]
 

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]




Re: Basic authentication password caching

2001-12-17 Thread Craig R. McClanahan



On Mon, 17 Dec 2001, EDV Systembetrieb wrote:

 Date: Mon, 17 Dec 2001 14:32:34 +0100
 From: EDV Systembetrieb [EMAIL PROTECTED]
 Reply-To: Tomcat Users List [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Basic authentication  password caching

 Hi everybody,

 I setup Tomcat 3.3 with JDBCRealm and a mysql-database using basic
 authenticattion. We use a servlet for fileuploading to our server.
 Before sending the files, the user is prompted for loginname and
 password.

 My problem is, that there seems to be a permanent connection between
 the browser and the servlet or the logininformation a cached by the
 browser until the browser is restartet

 But I'd like to force the user to enter his ID and password each time
 he sends files, no matter if he restarts his browser or not.

 Any hints??


As you noted, it is the *browser* that's caching the username/password, so
there is nothing the server can do about it.  An alternative would be to
use form-based login instead -- invalidating the user's session logs them
off.

 Besides another question: Is there any documentation about parameters
 usable in web.xml and apps-XXX.xml and what they mean. This would be
 very helpfull.


For web.xml the important document is the Servlet Specification, which you
can download from:

  http://java.sun.com/products/servlet/download.html

For apps-XXX.xml you need to ask the 3.3 developers about it -- there's
lots of docs about configuring Tomcat 4 :-).

 Thanks Sabine


Craig


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]