PROTECTED]
Asunto: Re: Difficulty with SSL authentication without client certificate
For what you want, I'd probably go with a Filter that stores the Principal
under a well-known-name for use by the Servlet. For Container level
security, it is clearly an error if the client won't provide
with SSL authentication without client certificate
The most usual case that this behavior of tomcat is a nuissance, is when you wish to
accept a SSL session; but if there is no client certificate, go ahead but with some
functionality excluded. In my case, I give more sensitive information
Hi, i have a web application that use web authentication through j_security_check
servlet; i need to add an extra parameter diferent of j_password and j_username; i
guess that i have to put the extra parameter in the login form and in the definition
of the realm; but where i have to include
On 11/27/2003 06:41 PM Jose Antonio Chirinos wrote:
Hi, i have a web application that use web authentication through
j_security_check servlet; i need to add an extra parameter diferent
of j_password and j_username; i guess that i have to put the
extra parameter in the login form
Hello there.
I've tried to configure a security realm for pages; that if a user certificate is
present it will be used, but if it doesn't exist the application will resolve the
situation with the user authentication level already known.
After wrestling with the web.xml parameters and defining
Is there anywhere in tomcat that there is convenient access to:
1) The authenticated principal
2) The session
3) The private credentials associated with the principal
Or even just the username, password and session? I want to authenticate a user to my
database (IE,
HttpServletRequest.getUserPrincipal()
or
HttpServletRequest.getRemoteUser()
-Tim
Hart, Justin wrote:
Is there anywhere in tomcat that there is convenient access to:
1) The authenticated principal
2) The session
3) The private credentials associated with the principal
Hi,
Perhaps the problem is well known.
I'm under Tomcat/4.1.18-LE-jdk14
When I use form authentication, with the following code snippet included in web.xml:
web-app
security-constraint
...
web-resource-collection
web-resource-namedeclarativetest/web-resource-name
url-pattern/servlet/chapter9
Hi everybody! I'm new to this list.
I want to use jndi-ldap realm for user authentication to access to some web
services developes with axis.
But how? It's a valid solution or there is something better?
I made up a swing gui where user put login-password...and then? I must say to
server
Hi,
I have a problem with tomcat and SSL in modality of client authentication.
I have generated my keystore and,I have imported my certificate chain in
cacerts under JAVA_HOME/jre/lib/security,
but I haven't imported the user's certificate in the keystore on the
webserver.
In the server.xml
Authentication
Hi,
I have a problem with tomcat and SSL in modality of client authentication.
I have generated my keystore and,I have imported my certificate chain in
cacerts under JAVA_HOME/jre/lib/security,
but I haven't imported the user's certificate in the keystore on the
webserver
Hello,
I have a third party application named Intraspect5.6. It uses Tomcat 4.1 as
servlet engine. It uses Basic Authentication. I want to use the same Basic
Authentication used by Intraspect for my custom application that I have
deployed in the same Tomcat instance. From my webapp, can I go
Can somebody suggest how to implement Basic Authentication in Tomcat4.1 or
use an existing Basic Authentication being used by other application.
Thanks
-sumit
-Original Message-
From: Kumar, Sumit
Sent: Thursday, November 20, 2003 11:44 AM
To: 'Tomcat Users List'
Subject: Basic
It s not use in the class java.net.Authenticator ?
See it
-Original Message-
From: Kumar, Sumit [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 7:01 PM
To: 'Tomcat Users List'
Subject: RE: Basic Authentication
Can somebody suggest how to implement Basic
Jean-Francois,
I don't think this'll work.
The security-constraint tag defines what resources need to be
protected. The authentication mode is defined in the login-config tag
and you can only have one of those per application.
I posted a workaround a couple of weeks ago.
-Vincent.
Jean
Hello Christopher,
It's possible that you'll still have the same session, but you'll just
have to re-login. Does that make any sense?
That's my problem exactly. I don't think that it makes any sense either. The
only explanation seems to be that the container based authentication in
Tomcat 4.1
that it makes any sense either. The
only explanation seems to be that the container based authentication in
Tomcat 4.1 has been implemented without session persistence in mind. I'm
afraid I will have to change to application based authentication after all.
Hi Andreas,
since you are in the experimental stage
Andreas,
It's possible that you'll still have the same session, but you'll
just have to re-login. Does that make any sense?
That's my problem exactly. I don't think that it makes any sense
either. The only explanation seems to be that the container based
authentication in Tomcat 4.1 has been
Robert Jacolin wrote:
Hi,
I installed jakarta-tomcat-4.0.6 on WIN NT4 with IIS 4. I've following
the manual to make tomcat and IIS to work together (with the isapi
filter). My application works like I want except that authentification
doesn't work.
In IIS, I've enabled WIN NT authentication
-
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 1:59 PM
To: Tomcat Users List
Subject: Re: AW: AW: AW: Container based authentication and session
persistenc e with Tomcat 4.1.29
Andreas,
It's possible that you'll still have the same session, but you'll
just
Hi,
Is it possible to have a web app that uses both FORM and BASIC
authentication or can only 1 be used ?
Thanks
Matt
_
On the move? Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile
Andreas,
How often do you think you'll be re-starting Tomcat while the
application is running in the wild?
That is totally up to my employer. Since we are a dynamic company changes
could happen often. At least more often than I would like to confront my
users with a mysteriously broken session.
I
both FORM and BASIC
authentication or can only 1 be used ?
Thanks
Matt
_
On the move? Get Hotmail on your mobile phone
http://www.msn.co.uk/msnmobile
-config
auth-methodFORM/auth-method
realm-nameForm-Based Authentication Area/realm-name
form-login-config
form-login-page/auth/login.html/form-login-page
form-error-page/auth/error.html/form-error-page
/form-login-config
/login-config
Authentication Area/realm-name
form-login-config
form-login-page/auth/login.html/form-login-page
form-error-page/auth/error.html/form-error-page
/form-login-config
/login-config
Is there a way to put those two pages in a location that is accessible by any context
Hello,
[ What I'm trying to do ]
I'm trying to use container based authentication while having session
persistence provided by a PersistentManager (with FileStore) with Tomcat
4.1.29 (running under Windows XP for development purposes).
[ What works ]
Form-based authentication via
Ricardo,
Is there a way to put those two pages in a location that is
accessible by any context? If there is, how do I setup my web.xml
file?
You want the login pages for every webapp to look the same?
If that's what you really want to do, I think you'll have to use
symbolic links on the
believe this is the wrong approach.
Am I just missing something or is this really a problem? Has anyone
accomplished to have persistent sessions with this (or any other) setup and
can give me a hint?
I'm reluctant to use application based authentication both because of the
work this would cause
how that could be accomplished?
Greetings
Andreas Mohrig
-Ursprungliche Nachricht-
Von: Christopher Schultz [mailto:[EMAIL PROTECTED]
Gesendet: Mittwoch, 12. November 2003 16:48
An: Tomcat Users List
Betreff: Re: Container based authentication and session persistence with
Tomca t 4.1.29
Andreas,
Concerning my intentions, I do not want to preserve the session-state
between two logins or between more than one session for a given user. I want
to preserve the session-state between server-restarts in case of necessary
(but normally fast) maintenance operations (changes on certain
, too. Did you
ever try PersistentManager with Tomcat 4.1 and container based
authentication? Did your setup behave differently?
Greetings
Andreas Mohrig
- IT-Entwicklung -
cadooz AG- Gutschein- und Pramiensysteme
Osterbekstr. 90b
22083 Hamburg
Email: [EMAIL PROTECTED]
Tel
authentication? Did your setup behave differently?
I never did anything like this. I suspect that Tomcat loses its
authentication mappings on a restart. I also suspect that your session
will still be full even if you have to re-login.
-chris
Hi,
I am using: tomcat 4.1.18
Using Form Based Authentication with JDBCRealm
login-config
auth-methodFORM/auth-method
realm-nameJDBCRealm/realm-name
form-login-config
form-login-page/login.jsp/form-login-page
form-error-page/login.jsp/form-error-page
/form-login-config
/login-config
When
Goal: Using forms based authentication, a user logs into a site with a valid user
ID/password, and is redirected to a page explaining that the password has expired and
user must change their password.
What's a good way to reach this goal? I've been working with a custom realm module, so
I know
A possible solution:
- Your custom realm sets a session attribute to indicate that the password must
be changed.
- You create a filter that checks this attribute and redirect the use to the
password change page if needed.
-Vincent.
Goal: Using forms based authentication, a user logs
Vincent,
Thanks! Great solution. How can I set a session variable in a custom realm?
-Original Message-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:24 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change
A possible solution
-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:24 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change
A possible solution:
- Your custom realm sets a session attribute to indicate that the password must
be changed.
- You create a filter
-Original Message-
From: Vincent Aumont [mailto:[EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:57 AM
To: Tomcat Users List
Subject: Re: Realm Authentication and Password Change
session.setAttribute().
Don't forget to remove the attribute from the session when you're done,
Actually, you
You could use a Filter. Once authenticated, the filter can check to see if
the user's password needed changed. If so, you can sendRedirect() or let the
next filter in the chain do its thing.
-Tim
Shain, Jim wrote:
Goal: Using forms based authentication, a user logs into a site with a valid
Hi,
I'm under Tomcat/4.1.18-LE-jdk14 and just have tested form based example.
Unfortunately, when I access
http://localhost:8080/examples/jsp/security/protected/index.jsp
i'm well redirected to login.jsp as mentionned in web.xml
form-login-config
.
deric stroud [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi,
I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and
I can't quite work out how and where to configure the server to allow
the use of strong authentication only (1024) during cipher suite
negotiation.
Does
Is anybody else out there using a Mozilla nightly build? Seems they've
introduced a bug since the last major release (1.5) that stops me
logging in using form-based authentication.
It would cool if anybody else affected here would vote for the bug on
bugzilla:
http://bugzilla.mozilla.org
Hi,
I installed jakarta-tomcat-4.0.6 on WIN NT4 with IIS 4. I've following
the manual to make tomcat and IIS to work together (with the isapi
filter). My application works like I want except that authentification
doesn't work.
In IIS, I've enabled WIN NT authentication (basic authentication
Hi,
I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and
I can't quite work out how and where to configure the server to allow
the use of strong authentication only (1024) during cipher suite
negotiation.
Does someone what lines to add to server.xml file or otherwise?
Thanks
http://jakarta.apache.org/tomcat/faq/security.html#https
-Tim
deric stroud wrote:
Hi,
I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and
I can't quite work out how and where to configure the server to allow
the use of strong authentication only (1024) during cipher suite
Dear friends,
I have a problem that I can't solve.
I'm trying to use BASIC authentication in TOMCAT 4.0.5 for a web application and
its web.xml file is:
?xml version=1.0 encoding=ISO-8859-1
Hi,
My application has two types of clients: HTML and WML (for small
devices). The controller (Struts) takes care of selecting the
appropriate JSP (html or wml) for each client.
WML clients must use BASIC authentication (they dont support cookies
and url rewriting is not an option). For HTML
?
Adam
On 10/16/2003 12:26 PM Andreas Schildbach wrote:
Hello everyone,
I am trying to set up a JavaMail Session JNDI Resource to an SMTP server
that requires authentication. In the JavaMail documentation I could not
find how to supply a password in the Session Properties. However, I
found a few
Hello everyone,
I am trying to set up a JavaMail Session JNDI Resource to an SMTP server
that requires authentication. In the JavaMail documentation I could not
find how to supply a password in the Session Properties. However, I
found a few Google references to mail.smtp.password
Hi,
I have a servlet which performs some operations with the certificate
used for SSL client authentication. My environment is Apache v1.3.27
forwarding requests to a Tomcat v4.0.3 through a mod_jk-3.3-ap13.
At normal use it works fine, but at heavy load it seems it's mixing
the client
Adam Hardy wrote:
I have set this up with the minimum configuration possible to try to
find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping,
and the tomcat realm - no SSO, no filters, no templates, no
SSL-redirection.
With this security:
web-resource-collection
form-based authentication loops on the login page, and
sometimes it gives the invalid direct reference error.
As mentioned above, the non-SSL normal form-based login works fine.
In IE6 it works fine too.
Rgds
Adam
--
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9
Hello,
Here's the solution for some major problems, which i expirienced getting client
authentication to work. I'll post it to help people save time. It cost me more than a
week to get it working and the solution is so simple it can be done in less than half
an hour.
Problem 1 getting
authentication
[...]
--- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19
---
FORM can be implemented as an internal redirection, like welcome
files. As a
result, it is not subject to constraints. Please do not reopen the
report.
--
struts 1.1 + tomcat 5.0.12
Hello,
With apache client authentication was so simple. Now my boss wants to use it for
smartcard login and I have to use tomcat with cocoon. Thats why I need the client
authentication with ssl to work. But I just can't fix it can anyone please help me.
All examples wont work I always get
client authentication drives me crazy
Date: Tue, 14 Oct 2003 09:33:26 +0200
Hello,
With apache client authentication was so simple. Now my boss wants to use
it for smartcard login and I have to use tomcat with cocoon. Thats why I
need the client authentication with ssl to work. But I just can't
authentication drives me crazy
This article solved everything for me:
http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html
Follow it to the letter and you will get it to work. Trust me.
From: Twan Munster [EMAIL PROTECTED]
Reply-To: Twan Munster [EMAIL PROTECTED]
To: Tomcat Users List
On 10/14/2003 08:41 AM Bill Barker wrote:
Adam Hardy [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Basically it always stays in non-SSL protocol.
I posted this in bugzilla, being confident that tomcat was not doing
what it was supposed to, but apparently it is. I got the following
there is something special about the colon character to the
authentication dialog.
Thanks for the help.
Derrick
This electronic transmission is strictly confidential to Smith Nephew and
intended solely for the addressee. It may contain information which is
covered by legal, professional
I have set this up with the minimum configuration possible to try to
find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping,
and the tomcat realm - no SSO, no filters, no templates, no SSL-redirection.
With this security:
web-resource-collection
web-resource-nameSSL 4
In the basic authentication approach the userid and password
are concatenated with a ':' between them, base64 encoded, then
placed in an HTTP header to send to the server.
Obviously, the server will have trouble differentiating between
the ':' in the username and the one separating the user name
I should configure SSL for the manager login?
Thanks
On 10/13/2003 02:19 PM [EMAIL PROTECTED] wrote:
[...]
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
cannot configure SSL for form-based authentication
[...]
--- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19
] wrote:
[...]
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766
cannot configure SSL for form-based authentication
[...]
--- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19 ---
FORM can be implemented as an internal redirection, like welcome files. As a
result
Although I've no real idea what an internal tomcat SessionEvent is, it
sounds like it's a bug. Give me the word and I'll enter it in bugzilla.
Adam
On 10/12/2003 01:57 AM Tim Funk wrote:
Hmm. I always thought that when using the SSO valve, logging out of one
webapp automatically logs you out
I am using session.invalidate() to try to cause the user to receive
another login request, using CMS form-based authentication.
I saw the same issue in bugzilla but for basic authentication:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12147
where the tomcat developer/bugzilla person
Authentication information is somewhat stored in the session for form based
authentication. (I can't remember the specifics) So using session.invalidate
should log the user out. This works since the session id which is a cookie or
URL rewriting scheme is what the browser keys
get a login request on my next request.
Also if I only login to one site, even though I get the SSO cookie, when
I invalidate the session, I immediately get a login request. Strange.
This is not correct behaviour for tomcat, is it?
Adam
On 10/11/2003 06:04 PM Tim Funk wrote:
Authentication
Hmm. I always thought that when using the SSO valve, logging out of one
webapp automatically logs you out of all webapps.
The 5 code looks broken based on *very quick* inspection compared to 4.1
based on lines 304-308.
if ( event.getData() != null
logout.equals(
Client cert verification is done against the TrustStore, not the KeyStore.
Tomcat 5 has some improvements for this. Tomcat 4 is still a bit limited.
I have no idea what is goin wrong. Can someone tell me how to make this
work?
Assuming that you don't want to just import the signing cert into
client authentication working. The problem is getting
my existing certificates working in tomcat. Is apache http server it was very easy. I
configured all the stuff in my httpd.conf.
I also tried to get tomcat working with keytool. But ther's something I do wrong. I
alwas get handshake error
authentication working. The problem
is getting my existing certificates working in tomcat. Is apache http server
it was very easy. I configured all the stuff in my httpd.conf.
I also tried to get tomcat working with keytool. But ther's something I do
wrong. I alwas get handshake error.
Can somebody
at
http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes.
If I disable client authentication in the tomcat config, the client is able
to comunicate with the server. If I enable the authentication the client
aborts with the following exception:
java.net.SocketException: Software
Can someone please point me in the right direction for integratin NT authentication
with my application running on Tomcat?
I am working on a government project that requires that users be authenticated against
their domain. When a user tries to access the web application at, for example
http://jakarta.apache.org/tomcat/faq/windows.html#ntlm
-Tim
Turansky, Mark wrote:
Can someone please point me in the right direction for integratin NT authentication with my application running on Tomcat?
I am working on a government project that requires that users be authenticated against
Thanks, and I should have gone and read the FAQ *before* posting
mark
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 11:18 AM
To: Tomcat Users List
Subject: Re: Tomcat and NT Authentication
http://jakarta.apache.org/tomcat/faq
. The client is using
HTTPClient from apache. I have done everything the document at
http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes.
If I disable client authentication in the tomcat config, the client is
able
to comunicate with the server. If I enable the authentication
Following the advice from this link
http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html
I tried to get SSL client authentication to work by setting the following
entry in tomcat-users.xml:
user username=CN=x, OU=y, O=z, L=a, S=b, C=c password= roles=user/
where x,y,z,etc
Christopher Williams [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Following the advice from this link
http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html
I tried to get SSL client authentication to work by setting the following
entry in tomcat-users.xml
Hi,
I am trying to set up a Tomcat application with Windows NT supplied
authentication (using JAAS and the Tagish classes):
the goal is to use the NT users and groups to authenticate and authorise the
users and groups within Tomcat (and our application).
What I don't understand is how to get
That bugzilla issue only addresses filters, not character encoding, with
j_security_check.
On the one hand the servlet 2.4 spec actually addresses response
character encoding issues nicely, with the addition of stuff like:
locale-encoding-mapping-list
locale-encoding-mapping
See the tomcat-dev list archives, there are conversations about that now.
(or the last day or 2)
-Tim
Adam Hardy wrote:
Do you know when the 2.4 spec goes final?
Adam
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configtccom.html#request
-Tim
Nikola Milutinovic wrote:
http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2
Excellent! Now, when are we going to see an update on the JK2 docs? I'm not expecting a tutorial, just a (complete)
My setup:
Windows XP Pro
JDK 1.4.1
JWSDP 1.0
I'm hoping to get SSL client authentication working for web services. I set
up Tomcat for SSL ages ago and it works fine. However, I run into multiple
problems when I attempt to use SSL client authentication.
I have enabled client authentication
Hi
I have tried different different options but cannot get the LDAP authentication to
work in my application.
Following is what i am using.
Tomcat: 4.1.27-LE-jdk14
Apache: 2.0.47
Java : 1.4.2
Linux OS: 7.3
LDAP : IPlanet LDAP Server.
1) In this regard i have
Christopher Williams [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
My setup:
Windows XP Pro
JDK 1.4.1
JWSDP 1.0
I'm hoping to get SSL client authentication working for web services. I
set
up Tomcat for SSL ages ago and it works fine. However, I run into
multiple
problems
the authentication again. Anybody knows the solution?
Another question is how to sepcify the url pattern of
j_security_check. My login page is /secured/login.jsp, I think the
url should be /secured/j_security_check, am I right?
Thanks in advance
Did that alrady. Here's the gory details and the conclusion is valid for 4
and 5. It seems the spec folks took care of the character encoding issue but
forgot how to fix it for j_security_check. So the short term solution is
probably a custom solution per platform. :( (Maybe google has the
workers2.properties and create a dummy htdocs\downloads
directory under apache, the apache authentication works fine. But when I put [uri:/*]
back, I do not get prompted for ID/Password. Here is what I have in httpd.conf. Any
ideas?
Directory d:\Apache\Apache2\htdocs\downloads
AuthType Basic
, 2003 17:17
To: [EMAIL PROTECTED]
Subject: Apache Authentication with Tomcat
I'm trying to protect a /downloads url in apache. My webapp
in Tomcat is in ROOT. So in the workers2.properties file
under apache, I have:
# Map the webapp to the Web server uri space
[uri:/*]
info=my
PROTECTED]
Sent: Tuesday, September 30, 2003 11:27 AM
To: Tomcat Users List
Subject: RE: Apache Authentication with Tomcat
Hi Neil,
Use a Location directive in your httpd.conf instead. e.g.:
Location /downloads
AuthType Basic
AuthName FGIC Downloads
AuthUserFile d:\apache\apache2
http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2
-Original Message-
From: Boemio, Neil (GEI, FGI) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 11:59 AM
To: Tomcat Users List
Subject: RE: Apache Authentication with Tomcat
Excellent! This did the trick
for
authentication. Only minor modifications are made on the original codes so I think it
should be fine. What I also did include changing the
org/apache/catalina/startup/Authenticators.properties
file to add the new authenticator; modifying the server.xml and web.xml accordingly.
Furthermore, I added the entries
Awesome! Works great now! Thanks a bunch!
-Original Message-
From: Robert Priest [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 12:03 PM
To: 'Tomcat Users List'
Subject: RE: Apache Authentication with Tomcat
http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w
When I remove [uri:/*] from workers2.properties and create a dummy
htdocs\downloads directory under apache, the apache authentication works
fine. But when I put [uri:/*] back, I do not get prompted for ID/Password.
Here is what I have in httpd.conf. Any ideas?
Directory d:\Apache\Apache2
http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2
Excellent! Now, when are we going to see an update on the JK2 docs? I'm not expecting
a tutorial, just a (complete) list of all the options. I hate digging through the code
myself.
I know, I can dig through the code, but it is
the authentication again. Anybody knows the solution?
Another question is how to sepcify the url pattern of j_security_check. My login page
is /secured/login.jsp, I think the url should be /secured/j_security_check, am I
right?
Thanks in advance.
-
Do you Yahoo
to trigger it as I found is to first fill the form and got authenticated, then go back and try the authentication again. Anybody knows the solution?
Another question is how to sepcify the url pattern of j_security_check. My login page is /secured/login.jsp, I think the url should be /secured
bypassed. The only way to trigger it as I found
is to first fill the form and got authenticated, then go back and try
the authentication again. Anybody knows the solution?
Another question is how to sepcify the url pattern of
j_security_check. My login page is /secured/login.jsp, I think
Honestly, I personally have no clue with respect to encoding issues. I will
be playing with UTF-8 soon but ala, I am stuck in ISO8859-1 for now.
But my gut feel is container authentication implementation is purely
container dependent. So you'll be stuck with tomcat, or weblogic
I've developed a authentication mechanism on my own because I could not
figure out how to make authentication based on some request - parameters.
This is what I've implemented:
Whenever the user makes a request, the site parameter plus the path is
used to figure out whether the user has
601 - 700 of 1763 matches
Mail list logo