Re: Programmic login to tomcat using username and password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Delbecq wrote: > AFAIK, the J2EE specs does not allow 'spontaneous login' from > webapplication and am not sure tomcat give provision for this. I think it's more like "the J2EE specs do not require it, therefore Tomcat has chosen not to implement it". > Another possibility might be the use of > http://securityfilter.sourceforge.net/ which mimic a container security > mechanism (respect of web.xml rules, use of realms) but allows for more > flexibility than pure j2ee specs. It does. One of the things is allows is "spontaneous logins". - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4Gsa9CaO5/Lv0PARAiKxAKCkwzGTdiryT9cd3QatDea63MJ5sACeOj9w pqGnWIwunuVJmyAuVfrm9iA= =nVCu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmic login to tomcat using username and password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanxin, zhu quanxin wrote: > I am looking for tomcat API for doing programmatic login. I read the > source code of org.apache.catalina.authenticator.SingleSignOn, and > find that it contains a method called reauthenticate maybe helpful. [snip] > but when I use those code in my application(for example a servlet), it > could not work. I think I could not get the instance of realm in > tomcat server. That's because the Request object isn't an HttpServletRequest object, which is what you have in your servlet. Without trouble, you can't get access to this internal object from your servlet. > do you have a better idea about programmic login, and how to write it? Check out securityfilter... it keeps the user's principal in the session instead of somewhere else, so it's easy to get. Not sure if it plays well with SSO, though. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4Gq69CaO5/Lv0PARAgHjAKC9I7NFT3j48+CXdFm4DiIzyUEL5gCgiV40 wR5JB0V+ELPuTGJ2rucBLus= =HkxJ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmic login to tomcat using username and password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quanxin, zhu quanxin wrote: > My aim is that tomcat could authenticate users without promoting any > login form. That is usually known as "not authenticating". > I give out the userID and password in the servlet code. when users > navagate the servlet page, they would login to tomcat as that userID > identity. Huh? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4God9CaO5/Lv0PARAtAnAJ9mkJ6Qv1BChUnR9h5JqpBSQCqDtQCgkO2v LixDk4XYZ/suxTT3PY2jA+w= =k6DN -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmic login to tomcat using username and password
;Fails to create Subject. " + le.getMessage()); >>>> // Insert the error processing code >>>> >>>> code end >>>> >>>> I do not know if tomcat provide some APIs like the above, and we >>>> could use the API to programmic login to the tomcat server. and where >>>> to find the instruction to use the API? >>>> >>>> >>>> Many Thanks! >>>> Zhu quanxin >>>> >>>> >>>> >>>> 2007/9/5, David Delbecq : >>>> >>>> >>>>> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html >>>>> >>>>> See section about single-sign. This share credential between webapps. >>>>> >>>>> Note: it's not a "programamtic". It just let all your application share >>>>> a same authentification token. Once you authenticate using J2EE >>>>> compliant method in application X, it's not necessary to login into >>>>> other application Y on same host that is also using J2EE compliant >>>>> authentification mecanism. >>>>> >>>>> En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: >>>>> >>>>> >>>>>> hi, everyone >>>>>> >>>>>> I meet a problem about programmic login. I setup a tomcat server, >>>>>> and deploy two WAR files (applications) on it. One of the application >>>>>> A is protected by server authentication, and the other application B >>>>>> is not. I want to setup a scenario : when user navigates the >>>>>> application B, he could programmic login to tomcat using username and >>>>>> password that is coded in the application of B, and then he >>>>>> navigates the application A in the same browser, he never needs to >>>>>> response the challenge promoted by application A. >>>>>> >>>>>> I would very appreciate if someone could help me. >>>>>> >>>>>> Thanks >>>>>> >>>>>> Zhu Quanxin >>>>>> >>>>>> - >>>>>> To start a new topic, e-mail: users@tomcat.apache.org >>>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> http://www.noooxml.org/ >>>>> >>>>> >>>>> - >>>>> To start a new topic, e-mail: users@tomcat.apache.org >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>>> >>>>> >>> - >>> To start a new topic, e-mail: users@tomcat.apache.org >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >> -- >> 致 >> 礼! >> >> 朱全鑫 >> >> >> >> - >> Be a better Globetrotter. Get better travel answers from someone who knows. >> Yahoo! Answers - Check it out. >> > > > -- http://www.noooxml.org/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmic login to tomcat using username and password
Hi, Dave I am looking for tomcat API for doing programmic login. I read the source code of org.apache.catalina.authenticator.SingleSignOn, and find that it contains a method called reauthenticate maybe helpful. protected boolean reauthenticate(String ssoId, Realm realm, Request request) { if (ssoId == null || realm == null) return false; boolean reauthenticated = false; SingleSignOnEntry entry = lookup(ssoId); if (entry != null && entry.getCanReauthenticate()) { String username = entry.getUsername(); if (username != null) { Principal reauthPrincipal = realm.authenticate(username, entry.getPassword()); if (reauthPrincipal != null) { reauthenticated = true; // Bind the authorization credentials to the request request.setAuthType(entry.getAuthType()); request.setUserPrincipal(reauthPrincipal); } } } return reauthenticated; } but when I use those code in my application(for example a servlet), it could not work. I think I could not get the instance of realm in tomcat server. do you have a better idea about programmic login, and how to write it? Thanks a lot~ zhu quanxin 2007/9/6, Dave <[EMAIL PROTECTED]>: > I think this feature is very basic. Everything should have a programmatic way. > > zhu quanxin <[EMAIL PROTECTED]> wrote: hi,David, > > My aim is that tomcat could authenticate users without promoting > any login form. I give out the userID and password in the servlet > code. when users navagate the servlet page, they would login to tomcat > as that userID identity. > > > > Thanks a lot! > Zhu quanxin > > > > 2007/9/6, David Delbecq : > > Hi, > > > > Am not sure to understand what you want to do. You want to login user > > without requiring it, ever, to authenticate? That seems to me quite > > paradoxal. Maybe you should explain a bit more what you try to achieve... > > > > 朱全鑫 a écrit : > > > Hi, > > > > > > I have already enabled the SSO function in server.xml. It could be > > > promoted the challenge once when I visit the first webapp and without > > > login to all the webapps in the host. But I do not want any login form > > > promoted to users. So my point is, how do I write code in a jsp or > > > servlet to auto login to the first webapp without the login-form > > > promoted to users. > > > For example, in websphere application server, the following code > > > could be auto login to the server, If we give the right username and > > > password pair. > > > > > > code begin > > > -- > > > LoginContext lc = null; > > > > > > try { > > > lc = new LoginContext("WSLogin", > > > new WSCallbackHandlerImpl("userName", "password")); > > > } catch (LoginException le) { > > > System.out.println("Cannot create LoginContext. " + le.getMessage()); > > > // Insert the error processing code > > > } catch(SecurityException se) { > > > System.out.println("Cannot create LoginContext." + se.getMessage()); > > > // Insert the error processing code > > > } > > > > > > try { > > > lc.login(); > > > } catch (LoginException le) { > > > System.out.println("Fails to create Subject. " + le.getMessage()); > > > // Insert the error processing code > > > > > > code end > > > > > > I do not know if tomcat provide some APIs like the above, and we > > > could use the API to programmic login to the tomcat server. and where > > > to find the instruction to use the API? > > > > > > > > > Many Thanks! > > > Zhu quanxin > > > > > > > > > > > > 2007/9/5, David Delbecq : > > > > > >> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html > > >> > > >> See section about single-sign. This share credential between webapps. > > >> > > >> Note: it's not a "programamtic". It just let all your application share > > >> a same authentification token. Once you authenticate using J2EE > > >> compliant method in application X, it's not necessary to login into > > >> other application Y on same host that is also using J2EE compliant > > >> authentification mecanism. > > >> > > >>
Re: Programmic login to tomcat using username and password
I think this feature is very basic. Everything should have a programmatic way. zhu quanxin <[EMAIL PROTECTED]> wrote: hi,David, My aim is that tomcat could authenticate users without promoting any login form. I give out the userID and password in the servlet code. when users navagate the servlet page, they would login to tomcat as that userID identity. Thanks a lot! Zhu quanxin 2007/9/6, David Delbecq : > Hi, > > Am not sure to understand what you want to do. You want to login user > without requiring it, ever, to authenticate? That seems to me quite > paradoxal. Maybe you should explain a bit more what you try to achieve... > > ÖìÈ«öÎ a ¨¦crit : > > Hi, > > > > I have already enabled the SSO function in server.xml. It could be > > promoted the challenge once when I visit the first webapp and without > > login to all the webapps in the host. But I do not want any login form > > promoted to users. So my point is, how do I write code in a jsp or > > servlet to auto login to the first webapp without the login-form > > promoted to users. > > For example, in websphere application server, the following code > > could be auto login to the server, If we give the right username and > > password pair. > > > > code begin > > -- > > LoginContext lc = null; > > > > try { > > lc = new LoginContext("WSLogin", > > new WSCallbackHandlerImpl("userName", "password")); > > } catch (LoginException le) { > > System.out.println("Cannot create LoginContext. " + le.getMessage()); > > // Insert the error processing code > > } catch(SecurityException se) { > > System.out.println("Cannot create LoginContext." + se.getMessage()); > > // Insert the error processing code > > } > > > > try { > > lc.login(); > > } catch (LoginException le) { > > System.out.println("Fails to create Subject. " + le.getMessage()); > > // Insert the error processing code > > > > code end > > > > I do not know if tomcat provide some APIs like the above, and we > > could use the API to programmic login to the tomcat server. and where > > to find the instruction to use the API? > > > > > > Many Thanks! > > Zhu quanxin > > > > > > > > 2007/9/5, David Delbecq : > > > >> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html > >> > >> See section about single-sign. This share credential between webapps. > >> > >> Note: it's not a "programamtic". It just let all your application share > >> a same authentification token. Once you authenticate using J2EE > >> compliant method in application X, it's not necessary to login into > >> other application Y on same host that is also using J2EE compliant > >> authentification mecanism. > >> > >> En l'instant pr¨¦cis du 05/09/07 16:51, ÖìÈ«öÎ s'exprimait en ces termes: > >> > >>> hi, everyone > >>> > >>> I meet a problem about programmic login. I setup a tomcat server, > >>> and deploy two WAR files (applications) on it. One of the application > >>> A is protected by server authentication, and the other application B > >>> is not. I want to setup a scenario : when user navigates the > >>> application B, he could programmic login to tomcat using username and > >>> password that is coded in the application of B, and then he > >>> navigates the application A in the same browser, he never needs to > >>> response the challenge promoted by application A. > >>> > >>> I would very appreciate if someone could help me. > >>> > >>> Thanks > >>> > >>> Zhu Quanxin > >>> > >>> - > >>> To start a new topic, e-mail: users@tomcat.apache.org > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> -- > >> http://www.noooxml.org/ > >> > >> > >> - > >> To start a new topic, e-mail: users@tomcat.apache.org > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Ö Àñ£¡ ÖìÈ«öÎ - Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
Re: Programmic login to tomcat using username and password
hi,David, My aim is that tomcat could authenticate users without promoting any login form. I give out the userID and password in the servlet code. when users navagate the servlet page, they would login to tomcat as that userID identity. Thanks a lot! Zhu quanxin 2007/9/6, David Delbecq <[EMAIL PROTECTED]>: > Hi, > > Am not sure to understand what you want to do. You want to login user > without requiring it, ever, to authenticate? That seems to me quite > paradoxal. Maybe you should explain a bit more what you try to achieve... > > 朱全鑫 a écrit : > > Hi, > > > > I have already enabled the SSO function in server.xml. It could be > > promoted the challenge once when I visit the first webapp and without > > login to all the webapps in the host. But I do not want any login form > > promoted to users. So my point is, how do I write code in a jsp or > > servlet to auto login to the first webapp without the login-form > > promoted to users. > > For example, in websphere application server, the following code > > could be auto login to the server, If we give the right username and > > password pair. > > > > code begin > > -- > > LoginContext lc = null; > > > > try { > >lc = new LoginContext("WSLogin", > > new WSCallbackHandlerImpl("userName", "password")); > > } catch (LoginException le) { > > System.out.println("Cannot create LoginContext. " + > > le.getMessage()); > > // Insert the error processing code > > } catch(SecurityException se) { > > System.out.println("Cannot create LoginContext." + se.getMessage()); > > // Insert the error processing code > > } > > > > try { > > lc.login(); > > } catch (LoginException le) { > > System.out.println("Fails to create Subject. " + le.getMessage()); > > // Insert the error processing code > > > > code end > > > > I do not know if tomcat provide some APIs like the above, and we > > could use the API to programmic login to the tomcat server. and where > > to find the instruction to use the API? > > > > > > Many Thanks! > > Zhu quanxin > > > > > > > > 2007/9/5, David Delbecq <[EMAIL PROTECTED]>: > > > >> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html > >> > >> See section about single-sign. This share credential between webapps. > >> > >> Note: it's not a "programamtic". It just let all your application share > >> a same authentification token. Once you authenticate using J2EE > >> compliant method in application X, it's not necessary to login into > >> other application Y on same host that is also using J2EE compliant > >> authentification mecanism. > >> > >> En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: > >> > >>> hi, everyone > >>> > >>> I meet a problem about programmic login. I setup a tomcat server, > >>> and deploy two WAR files (applications) on it. One of the application > >>> A is protected by server authentication, and the other application B > >>> is not. I want to setup a scenario : when user navigates the > >>> application B, he could programmic login to tomcat using username and > >>> password that is coded in the application of B, and then he > >>> navigates the application A in the same browser, he never needs to > >>> response the challenge promoted by application A. > >>> > >>> I would very appreciate if someone could help me. > >>> > >>> Thanks > >>> > >>> Zhu Quanxin > >>> > >>> - > >>> To start a new topic, e-mail: users@tomcat.apache.org > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> -- > >> http://www.noooxml.org/ > >> > >> > >> - > >> To start a new topic, e-mail: users@tomcat.apache.org > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- 致 礼! 朱全鑫
Re: Programmic login to tomcat using username and password
Hi, Am not sure to understand what you want to do. You want to login user without requiring it, ever, to authenticate? That seems to me quite paradoxal. Maybe you should explain a bit more what you try to achieve... 朱全鑫 a écrit : > Hi, > > I have already enabled the SSO function in server.xml. It could be > promoted the challenge once when I visit the first webapp and without > login to all the webapps in the host. But I do not want any login form > promoted to users. So my point is, how do I write code in a jsp or > servlet to auto login to the first webapp without the login-form > promoted to users. > For example, in websphere application server, the following code > could be auto login to the server, If we give the right username and > password pair. > > code begin > -- > LoginContext lc = null; > > try { >lc = new LoginContext("WSLogin", > new WSCallbackHandlerImpl("userName", "password")); > } catch (LoginException le) { > System.out.println("Cannot create LoginContext. " + le.getMessage()); > // Insert the error processing code > } catch(SecurityException se) { > System.out.println("Cannot create LoginContext." + se.getMessage()); > // Insert the error processing code > } > > try { > lc.login(); > } catch (LoginException le) { > System.out.println("Fails to create Subject. " + le.getMessage()); > // Insert the error processing code > > code end > > I do not know if tomcat provide some APIs like the above, and we > could use the API to programmic login to the tomcat server. and where > to find the instruction to use the API? > > > Many Thanks! > Zhu quanxin > > > > 2007/9/5, David Delbecq <[EMAIL PROTECTED]>: > >> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html >> >> See section about single-sign. This share credential between webapps. >> >> Note: it's not a "programamtic". It just let all your application share >> a same authentification token. Once you authenticate using J2EE >> compliant method in application X, it's not necessary to login into >> other application Y on same host that is also using J2EE compliant >> authentification mecanism. >> >> En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: >> >>> hi, everyone >>> >>> I meet a problem about programmic login. I setup a tomcat server, >>> and deploy two WAR files (applications) on it. One of the application >>> A is protected by server authentication, and the other application B >>> is not. I want to setup a scenario : when user navigates the >>> application B, he could programmic login to tomcat using username and >>> password that is coded in the application of B, and then he >>> navigates the application A in the same browser, he never needs to >>> response the challenge promoted by application A. >>> >>> I would very appreciate if someone could help me. >>> >>> Thanks >>> >>> Zhu Quanxin >>> >>> - >>> To start a new topic, e-mail: users@tomcat.apache.org >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >> -- >> http://www.noooxml.org/ >> >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmic login to tomcat using username and password
Hi, I have already enabled the SSO function in server.xml. It could be promoted the challenge once when I visit the first webapp and without login to all the webapps in the host. But I do not want any login form promoted to users. So my point is, how do I write code in a jsp or servlet to auto login to the first webapp without the login-form promoted to users. For example, in websphere application server, the following code could be auto login to the server, If we give the right username and password pair. code begin -- LoginContext lc = null; try { lc = new LoginContext("WSLogin", new WSCallbackHandlerImpl("userName", "password")); } catch (LoginException le) { System.out.println("Cannot create LoginContext. " + le.getMessage()); // Insert the error processing code } catch(SecurityException se) { System.out.println("Cannot create LoginContext." + se.getMessage()); // Insert the error processing code } try { lc.login(); } catch (LoginException le) { System.out.println("Fails to create Subject. " + le.getMessage()); // Insert the error processing code code end I do not know if tomcat provide some APIs like the above, and we could use the API to programmic login to the tomcat server. and where to find the instruction to use the API? Many Thanks! Zhu quanxin 2007/9/5, David Delbecq <[EMAIL PROTECTED]>: > http://tomcat.apache.org/tomcat-5.5-doc/config/host.html > > See section about single-sign. This share credential between webapps. > > Note: it's not a "programamtic". It just let all your application share > a same authentification token. Once you authenticate using J2EE > compliant method in application X, it's not necessary to login into > other application Y on same host that is also using J2EE compliant > authentification mecanism. > > En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: > > hi, everyone > > > > I meet a problem about programmic login. I setup a tomcat server, > > and deploy two WAR files (applications) on it. One of the application > > A is protected by server authentication, and the other application B > > is not. I want to setup a scenario : when user navigates the > > application B, he could programmic login to tomcat using username and > > password that is coded in the application of B, and then he > > navigates the application A in the same browser, he never needs to > > response the challenge promoted by application A. > > > > I would very appreciate if someone could help me. > > > > Thanks > > > > Zhu Quanxin > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > -- > http://www.noooxml.org/ > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Programmic login to tomcat using username and password
http://tomcat.apache.org/tomcat-5.5-doc/config/host.html See section about single-sign. This share credential between webapps. Note: it's not a "programamtic". It just let all your application share a same authentification token. Once you authenticate using J2EE compliant method in application X, it's not necessary to login into other application Y on same host that is also using J2EE compliant authentification mecanism. En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: > hi, everyone > > I meet a problem about programmic login. I setup a tomcat server, > and deploy two WAR files (applications) on it. One of the application > A is protected by server authentication, and the other application B > is not. I want to setup a scenario : when user navigates the > application B, he could programmic login to tomcat using username and > password that is coded in the application of B, and then he > navigates the application A in the same browser, he never needs to > response the challenge promoted by application A. > > I would very appreciate if someone could help me. > > Thanks > > Zhu Quanxin > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- http://www.noooxml.org/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Programmic login to tomcat using username and password
hi, everyone I meet a problem about programmic login. I setup a tomcat server, and deploy two WAR files (applications) on it. One of the application A is protected by server authentication, and the other application B is not. I want to setup a scenario : when user navigates the application B, he could programmic login to tomcat using username and password that is coded in the application of B, and then he navigates the application A in the same browser, he never needs to response the challenge promoted by application A. I would very appreciate if someone could help me. Thanks Zhu Quanxin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]