RE: Difficulty with SSL authentication without client certificate

PROTECTED] Asunto: Re: Difficulty with SSL authentication without client certificate For what you want, I'd probably go with a Filter that stores the Principal under a well-known-name for use by the Servlet. For Container level security, it is clearly an error if the client won't provide

RE: Difficulty with SSL authentication without client certificate

with SSL authentication without client certificate The most usual case that this behavior of tomcat is a nuissance, is when you wish to accept a SSL session; but if there is no client certificate, go ahead but with some functionality excluded. In my case, I give more sensitive information

Authentication with JAAS / Form Autenthication/ j_security_check

Hi, i have a web application that use web authentication through j_security_check servlet; i need to add an extra parameter diferent of j_password and j_username; i guess that i have to put the extra parameter in the login form and in the definition of the realm; but where i have to include

Re: Authentication with JAAS / Form Autenthication/ j_security_check

On 11/27/2003 06:41 PM Jose Antonio Chirinos wrote: Hi, i have a web application that use web authentication through j_security_check servlet; i need to add an extra parameter diferent of j_password and j_username; i guess that i have to put the extra parameter in the login form

Difficulty with SSL authentication without client certificate

Hello there. I've tried to configure a security realm for pages; that if a user certificate is present it will be used, but if it doesn't exist the application will resolve the situation with the user authentication level already known. After wrestling with the web.xml parameters and defining

Tomcat Multi-Tier Authentication

Is there anywhere in tomcat that there is convenient access to: 1) The authenticated principal 2) The session 3) The private credentials associated with the principal Or even just the username, password and session? I want to authenticate a user to my database (IE,

Re: Tomcat Multi-Tier Authentication

HttpServletRequest.getUserPrincipal() or HttpServletRequest.getRemoteUser() -Tim Hart, Justin wrote: Is there anywhere in tomcat that there is convenient access to: 1) The authenticated principal 2) The session 3) The private credentials associated with the principal

form authentication doesnt't work well

Hi, Perhaps the problem is well known. I'm under Tomcat/4.1.18-LE-jdk14 When I use form authentication, with the following code snippet included in web.xml: web-app security-constraint ... web-resource-collection web-resource-namedeclarativetest/web-resource-name url-pattern/servlet/chapter9

Authentication for web services

Hi everybody! I'm new to this list. I want to use jndi-ldap realm for user authentication to access to some web services developes with axis. But how? It's a valid solution or there is something better? I made up a swing gui where user put login-password...and then? I must say to server

Client Certificate Authentication

Hi, I have a problem with tomcat and SSL in modality of client authentication. I have generated my keystore and,I have imported my certificate chain in cacerts under JAVA_HOME/jre/lib/security, but I haven't imported the user's certificate in the keystore on the webserver. In the server.xml

Re: Client Certificate Authentication

Authentication Hi, I have a problem with tomcat and SSL in modality of client authentication. I have generated my keystore and,I have imported my certificate chain in cacerts under JAVA_HOME/jre/lib/security, but I haven't imported the user's certificate in the keystore on the webserver

Basic Authentication

Hello, I have a third party application named Intraspect5.6. It uses Tomcat 4.1 as servlet engine. It uses Basic Authentication. I want to use the same Basic Authentication used by Intraspect for my custom application that I have deployed in the same Tomcat instance. From my webapp, can I go

RE: Basic Authentication

Can somebody suggest how to implement Basic Authentication in Tomcat4.1 or use an existing Basic Authentication being used by other application. Thanks -sumit -Original Message- From: Kumar, Sumit Sent: Thursday, November 20, 2003 11:44 AM To: 'Tomcat Users List' Subject: Basic

RE : Basic Authentication

It s not use in the class java.net.Authenticator ? See it -Original Message- From: Kumar, Sumit [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 7:01 PM To: 'Tomcat Users List' Subject: RE: Basic Authentication Can somebody suggest how to implement Basic

Re: Web App authentication

Jean-Francois, I don't think this'll work. The security-constraint tag defines what resources need to be protected. The authentication mode is defined in the login-config tag and you can only have one of those per application. I posted a workaround a couple of weeks ago. -Vincent. Jean

AW: AW: AW: Container based authentication and session persistenc e with Tomcat 4.1.29

Hello Christopher, It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense? That's my problem exactly. I don't think that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1

Re: AW: AW: AW: Container based authentication and session persistenc e with Tomcat 4.1.29

that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1 has been implemented without session persistence in mind. I'm afraid I will have to change to application based authentication after all. Hi Andreas, since you are in the experimental stage

Re: AW: AW: AW: Container based authentication and session persistenc e with Tomcat 4.1.29

Andreas, It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense? That's my problem exactly. I don't think that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1 has been

Re: [SOLUTION] Problem of authentication with tomcat/IIS on win NT4

Robert Jacolin wrote: Hi, I installed jakarta-tomcat-4.0.6 on WIN NT4 with IIS 4. I've following the manual to make tomcat and IIS to work together (with the isapi filter). My application works like I want except that authentification doesn't work. In IIS, I've enabled WIN NT authentication

RE: AW: AW: AW: Container based authentication and session persis tenc e with Tomcat 4.1.29

- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 1:59 PM To: Tomcat Users List Subject: Re: AW: AW: AW: Container based authentication and session persistenc e with Tomcat 4.1.29 Andreas, It's possible that you'll still have the same session, but you'll just

Web App authentication

Hi, Is it possible to have a web app that uses both FORM and BASIC authentication or can only 1 be used ? Thanks Matt _ On the move? Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile

Re: AW: AW: AW: Container based authentication and session persis tenc e with Tomcat 4.1.29

Andreas, How often do you think you'll be re-starting Tomcat while the application is running in the wild? That is totally up to my employer. Since we are a dynamic company changes could happen often. At least more often than I would like to confront my users with a mysteriously broken session. I

Re: Web App authentication

both FORM and BASIC authentication or can only 1 be used ? Thanks Matt _ On the move? Get Hotmail on your mobile phone http://www.msn.co.uk/msnmobile

FORM based authentication pages

-config auth-methodFORM/auth-method realm-nameForm-Based Authentication Area/realm-name form-login-config form-login-page/auth/login.html/form-login-page form-error-page/auth/error.html/form-error-page /form-login-config /login-config

Re: FORM based authentication pages

Authentication Area/realm-name form-login-config form-login-page/auth/login.html/form-login-page form-error-page/auth/error.html/form-error-page /form-login-config /login-config Is there a way to put those two pages in a location that is accessible by any context

Container based authentication and session persistence with Tomca t 4.1.29

Hello, [ What I'm trying to do ] I'm trying to use container based authentication while having session persistence provided by a PersistentManager (with FileStore) with Tomcat 4.1.29 (running under Windows XP for development purposes). [ What works ] Form-based authentication via

Re: FORM based authentication pages

Ricardo, Is there a way to put those two pages in a location that is accessible by any context? If there is, how do I setup my web.xml file? You want the login pages for every webapp to look the same? If that's what you really want to do, I think you'll have to use symbolic links on the

Re: Container based authentication and session persistence with Tomca t 4.1.29

believe this is the wrong approach. Am I just missing something or is this really a problem? Has anyone accomplished to have persistent sessions with this (or any other) setup and can give me a hint? I'm reluctant to use application based authentication both because of the work this would cause

AW: Container based authentication and session persistence with T omca t 4.1.29

how that could be accomplished? Greetings Andreas Mohrig -Ursprungliche Nachricht- Von: Christopher Schultz [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 12. November 2003 16:48 An: Tomcat Users List Betreff: Re: Container based authentication and session persistence with Tomca t 4.1.29

Re: AW: Container based authentication and session persistence with T omca t 4.1.29

Andreas, Concerning my intentions, I do not want to preserve the session-state between two logins or between more than one session for a given user. I want to preserve the session-state between server-restarts in case of necessary (but normally fast) maintenance operations (changes on certain

AW: AW: Container based authentication and session persistence wi th Tomcat 4.1.29

, too. Did you ever try PersistentManager with Tomcat 4.1 and container based authentication? Did your setup behave differently? Greetings Andreas Mohrig - IT-Entwicklung - cadooz AG- Gutschein- und Pramiensysteme Osterbekstr. 90b 22083 Hamburg Email: [EMAIL PROTECTED] Tel

Re: AW: AW: Container based authentication and session persistence wi th Tomcat 4.1.29

authentication? Did your setup behave differently? I never did anything like this. I suspect that Tomcat loses its authentication mappings on a restart. I also suspect that your session will still be full even if you have to re-login. -chris

Form Based Authentication not redirecting to URL with IE

Hi, I am using: tomcat 4.1.18 Using Form Based Authentication with JDBCRealm login-config auth-methodFORM/auth-method realm-nameJDBCRealm/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/login.jsp/form-error-page /form-login-config /login-config When

Realm Authentication and Password Change

Goal: Using forms based authentication, a user logs into a site with a valid user ID/password, and is redirected to a page explaining that the password has expired and user must change their password. What's a good way to reach this goal? I've been working with a custom realm module, so I know

Re: Realm Authentication and Password Change

A possible solution: - Your custom realm sets a session attribute to indicate that the password must be changed. - You create a filter that checks this attribute and redirect the use to the password change page if needed. -Vincent. Goal: Using forms based authentication, a user logs

RE: Realm Authentication and Password Change

Vincent, Thanks! Great solution. How can I set a session variable in a custom realm? -Original Message- From: Vincent Aumont [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2003 10:24 AM To: Tomcat Users List Subject: Re: Realm Authentication and Password Change A possible solution

Re: Realm Authentication and Password Change

- From: Vincent Aumont [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2003 10:24 AM To: Tomcat Users List Subject: Re: Realm Authentication and Password Change A possible solution: - Your custom realm sets a session attribute to indicate that the password must be changed. - You create a filter

RE: Realm Authentication and Password Change

-Original Message- From: Vincent Aumont [mailto:[EMAIL PROTECTED] Sent: Monday, November 10, 2003 10:57 AM To: Tomcat Users List Subject: Re: Realm Authentication and Password Change session.setAttribute(). Don't forget to remove the attribute from the session when you're done, Actually, you

Re: Realm Authentication and Password Change

You could use a Filter. Once authenticated, the filter can check to see if the user's password needed changed. If so, you can sendRedirect() or let the next filter in the chain do its thing. -Tim Shain, Jim wrote: Goal: Using forms based authentication, a user logs into a site with a valid

Example form-based authentication

Hi, I'm under Tomcat/4.1.18-LE-jdk14 and just have tested form based example. Unfortunately, when I access http://localhost:8080/examples/jsp/security/protected/index.jsp i'm well redirected to login.jsp as mentionned in web.xml form-login-config

Re: Forcing strong authentication with Tomcat 4.0.6 standalone web server

. deric stroud [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and I can't quite work out how and where to configure the server to allow the use of strong authentication only (1024) during cipher suite negotiation. Does

mozilla nightly build and tomcat form-based authentication

Is anybody else out there using a Mozilla nightly build? Seems they've introduced a bug since the last major release (1.5) that stops me logging in using form-based authentication. It would cool if anybody else affected here would vote for the bug on bugzilla: http://bugzilla.mozilla.org

Problem of authentication with tomcat/IIS on win NT4

Hi, I installed jakarta-tomcat-4.0.6 on WIN NT4 with IIS 4. I've following the manual to make tomcat and IIS to work together (with the isapi filter). My application works like I want except that authentification doesn't work. In IIS, I've enabled WIN NT authentication (basic authentication

Forcing strong authentication with Tomcat 4.0.6 standalone web server

Hi, I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and I can't quite work out how and where to configure the server to allow the use of strong authentication only (1024) during cipher suite negotiation. Does someone what lines to add to server.xml file or otherwise? Thanks

Re: Forcing strong authentication with Tomcat 4.0.6 standalone web server

http://jakarta.apache.org/tomcat/faq/security.html#https -Tim deric stroud wrote: Hi, I'm trying to configure SSL on a standalone Tomcat webserver 4.0.6. and I can't quite work out how and where to configure the server to allow the use of strong authentication only (1024) during cipher suite

Basci Authentication... Please help me...

Dear friends, I have a problem that I can't solve. I'm trying to use BASIC authentication in TOMCAT 4.0.5 for a web application and its web.xml file is: ?xml version=1.0 encoding=ISO-8859-1

Using BASIC and FORM authentication in the same webapp

Hi, My application has two types of clients: HTML and WML (for small devices). The controller (Struts) takes care of selecting the appropriate JSP (html or wml) for each client. WML clients must use BASIC authentication (they dont support cookies and url rewriting is not an option). For HTML

Re: JavaMail Session JNDI Resource and Authentication

? Adam On 10/16/2003 12:26 PM Andreas Schildbach wrote: Hello everyone, I am trying to set up a JavaMail Session JNDI Resource to an SMTP server that requires authentication. In the JavaMail documentation I could not find how to supply a password in the Session Properties. However, I found a few

JavaMail Session JNDI Resource and Authentication

Hello everyone, I am trying to set up a JavaMail Session JNDI Resource to an SMTP server that requires authentication. In the JavaMail documentation I could not find how to supply a password in the Session Properties. However, I found a few Google references to mail.smtp.password

Mixing SSL authentication certificates

Hi, I have a servlet which performs some operations with the certificate used for SSL client authentication. My environment is Apache v1.3.27 forwarding requests to a Tomcat v4.0.3 through a mod_jk-3.3-ap13. At normal use it works fine, but at heavy load it seems it's mixing the client

Re: TC5 ssl form-based authentication mozilla

Adam Hardy wrote: I have set this up with the minimum configuration possible to try to find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, and the tomcat realm - no SSO, no filters, no templates, no SSL-redirection. With this security: web-resource-collection

Re: TC5 ssl form-based authentication mozilla

form-based authentication loops on the login page, and sometimes it gives the invalid direct reference error. As mentioned above, the non-SSL normal form-based login works fine. In IE6 it works fine too. Rgds Adam -- struts 1.1 + tomcat 5.0.12 + java 1.4.2 Linux 2.4.20 RH9

solution problems with ssl client authentication

Hello, Here's the solution for some major problems, which i expirienced getting client authentication to work. I'll post it to help people save time. It cost me more than a week to get it working and the solution is so simple it can be done in less than half an hour. Problem 1 getting

Re: manager.xml: cannot configure SSL for form-based authentication

authentication [...] --- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19 --- FORM can be implemented as an internal redirection, like welcome files. As a result, it is not subject to constraints. Please do not reopen the report. -- struts 1.1 + tomcat 5.0.12

ssl client authentication drives me crazy

Hello, With apache client authentication was so simple. Now my boss wants to use it for smartcard login and I have to use tomcat with cocoon. Thats why I need the client authentication with ssl to work. But I just can't fix it can anyone please help me. All examples wont work I always get

Re: ssl client authentication drives me crazy

client authentication drives me crazy Date: Tue, 14 Oct 2003 09:33:26 +0200 Hello, With apache client authentication was so simple. Now my boss wants to use it for smartcard login and I have to use tomcat with cocoon. Thats why I need the client authentication with ssl to work. But I just can't

Re: ssl client authentication drives me crazy

authentication drives me crazy This article solved everything for me: http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html Follow it to the letter and you will get it to work. Trust me. From: Twan Munster [EMAIL PROTECTED] Reply-To: Twan Munster [EMAIL PROTECTED] To: Tomcat Users List

Re: manager.xml: cannot configure SSL for form-based authentication

On 10/14/2003 08:41 AM Bill Barker wrote: Adam Hardy [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Basically it always stays in non-SSL protocol. I posted this in bugzilla, being confident that tomcat was not doing what it was supposed to, but apparently it is. I got the following

basic jdbc realm authentication

there is something special about the colon character to the authentication dialog. Thanks for the help. Derrick This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional

TC5 ssl form-based authentication mozilla

I have set this up with the minimum configuration possible to try to find the problem. 1 JSP, one Struts action mapping, 1 servlet mapping, and the tomcat realm - no SSO, no filters, no templates, no SSL-redirection. With this security: web-resource-collection web-resource-nameSSL 4

Re: basic jdbc realm authentication

In the basic authentication approach the userid and password are concatenated with a ':' between them, base64 encoded, then placed in an HTTP header to send to the server. Obviously, the server will have trouble differentiating between the ':' in the username and the one separating the user name

manager.xml: cannot configure SSL for form-based authentication

I should configure SSL for the manager login? Thanks On 10/13/2003 02:19 PM [EMAIL PROTECTED] wrote: [...] http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766 cannot configure SSL for form-based authentication [...] --- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19

cannot configure SSL for form-based authentication

] wrote: [...] http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23766 cannot configure SSL for form-based authentication [...] --- Additional Comments From [EMAIL PROTECTED] 2003-10-13 12:19 --- FORM can be implemented as an internal redirection, like welcome files. As a result

Re: form-based authentication session.invalidate

Although I've no real idea what an internal tomcat SessionEvent is, it sounds like it's a bug. Give me the word and I'll enter it in bugzilla. Adam On 10/12/2003 01:57 AM Tim Funk wrote: Hmm. I always thought that when using the SSO valve, logging out of one webapp automatically logs you out

form-based authentication session.invalidate

I am using session.invalidate() to try to cause the user to receive another login request, using CMS form-based authentication. I saw the same issue in bugzilla but for basic authentication: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12147 where the tomcat developer/bugzilla person

Re: form-based authentication session.invalidate

Authentication information is somewhat stored in the session for form based authentication. (I can't remember the specifics) So using session.invalidate should log the user out. This works since the session id which is a cookie or URL rewriting scheme is what the browser keys

Re: form-based authentication session.invalidate

get a login request on my next request. Also if I only login to one site, even though I get the SSO cookie, when I invalidate the session, I immediately get a login request. Strange. This is not correct behaviour for tomcat, is it? Adam On 10/11/2003 06:04 PM Tim Funk wrote: Authentication

Re: form-based authentication session.invalidate

Hmm. I always thought that when using the SSO valve, logging out of one webapp automatically logs you out of all webapps. The 5 code looks broken based on *very quick* inspection compared to 4.1 based on lines 304-308. if ( event.getData() != null logout.equals(

Re: Tomcat 4 + ssl + client authentication

Client cert verification is done against the TrustStore, not the KeyStore. Tomcat 5 has some improvements for this. Tomcat 4 is still a bit limited. I have no idea what is goin wrong. Can someone tell me how to make this work? Assuming that you don't want to just import the signing cert into

ssl client authentication again

client authentication working. The problem is getting my existing certificates working in tomcat. Is apache http server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get tomcat working with keytool. But ther's something I do wrong. I alwas get handshake error

Re: ssl client authentication again

authentication working. The problem is getting my existing certificates working in tomcat. Is apache http server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get tomcat working with keytool. But ther's something I do wrong. I alwas get handshake error. Can somebody

Tomcat 4 + ssl + client authentication

at http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes. If I disable client authentication in the tomcat config, the client is able to comunicate with the server. If I enable the authentication the client aborts with the following exception: java.net.SocketException: Software

Tomcat and NT Authentication

Can someone please point me in the right direction for integratin NT authentication with my application running on Tomcat? I am working on a government project that requires that users be authenticated against their domain. When a user tries to access the web application at, for example

Re: Tomcat and NT Authentication

http://jakarta.apache.org/tomcat/faq/windows.html#ntlm -Tim Turansky, Mark wrote: Can someone please point me in the right direction for integratin NT authentication with my application running on Tomcat? I am working on a government project that requires that users be authenticated against

RE: Tomcat and NT Authentication

Thanks, and I should have gone and read the FAQ *before* posting mark -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Thursday, October 09, 2003 11:18 AM To: Tomcat Users List Subject: Re: Tomcat and NT Authentication http://jakarta.apache.org/tomcat/faq

Re: Tomcat 4 + ssl + client authentication

. The client is using HTTPClient from apache. I have done everything the document at http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes. If I disable client authentication in the tomcat config, the client is able to comunicate with the server. If I enable the authentication

SSL Client authentication: what goes in tomcat-users.xml?

Following the advice from this link http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html I tried to get SSL client authentication to work by setting the following entry in tomcat-users.xml: user username=CN=x, OU=y, O=z, L=a, S=b, C=c password= roles=user/ where x,y,z,etc

Re: SSL Client authentication: what goes in tomcat-users.xml?

Christopher Williams [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Following the advice from this link http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html I tried to get SSL client authentication to work by setting the following entry in tomcat-users.xml

Authentication, JAAS (Tagish), remoteUser and Tomcat

Hi, I am trying to set up a Tomcat application with Windows NT supplied authentication (using JAAS and the Tagish classes): the goal is to use the NT users and groups to authenticate and authorise the users and groups within Tomcat (and our application). What I don't understand is how to get

Re: Filter for Form Authentication Problem

That bugzilla issue only addresses filters, not character encoding, with j_security_check. On the one hand the servlet 2.4 spec actually addresses response character encoding issues nicely, with the addition of stuff like: locale-encoding-mapping-list locale-encoding-mapping

Re: Filter for Form Authentication Problem

See the tomcat-dev list archives, there are conversations about that now. (or the last day or 2) -Tim Adam Hardy wrote: Do you know when the 2.4 spec goes final? Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For

Re: Apache Authentication with Tomcat

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configtccom.html#request -Tim Nikola Milutinovic wrote: http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2 Excellent! Now, when are we going to see an update on the JK2 docs? I'm not expecting a tutorial, just a (complete)

SSL Client authentication woes

My setup: Windows XP Pro JDK 1.4.1 JWSDP 1.0 I'm hoping to get SSL client authentication working for web services. I set up Tomcat for SSL ages ago and it works fine. However, I run into multiple problems when I attempt to use SSL client authentication. I have enabled client authentication

JNDIRealm(LDAP) Authentication Configuration Sample Required

Hi I have tried different different options but cannot get the LDAP authentication to work in my application. Following is what i am using. Tomcat: 4.1.27-LE-jdk14 Apache: 2.0.47 Java : 1.4.2 Linux OS: 7.3 LDAP : IPlanet LDAP Server. 1) In this regard i have

Re: SSL Client authentication woes

Christopher Williams [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] My setup: Windows XP Pro JDK 1.4.1 JWSDP 1.0 I'm hoping to get SSL client authentication working for web services. I set up Tomcat for SSL ages ago and it works fine. However, I run into multiple problems

Re: Filter for Form Authentication Problem

the authentication again. Anybody knows the solution? Another question is how to sepcify the url pattern of j_security_check. My login page is /secured/login.jsp, I think the url should be /secured/j_security_check, am I right? Thanks in advance

Re: Filter for Form Authentication Problem

Did that alrady. Here's the gory details and the conclusion is valid for 4 and 5. It seems the spec folks took care of the character encoding issue but forgot how to fix it for j_security_check. So the short term solution is probably a custom solution per platform. :( (Maybe google has the

Apache Authentication with Tomcat

workers2.properties and create a dummy htdocs\downloads directory under apache, the apache authentication works fine. But when I put [uri:/*] back, I do not get prompted for ID/Password. Here is what I have in httpd.conf. Any ideas? Directory d:\Apache\Apache2\htdocs\downloads AuthType Basic

RE: Apache Authentication with Tomcat

, 2003 17:17 To: [EMAIL PROTECTED] Subject: Apache Authentication with Tomcat I'm trying to protect a /downloads url in apache. My webapp in Tomcat is in ROOT. So in the workers2.properties file under apache, I have: # Map the webapp to the Web server uri space [uri:/*] info=my

RE: Apache Authentication with Tomcat

PROTECTED] Sent: Tuesday, September 30, 2003 11:27 AM To: Tomcat Users List Subject: RE: Apache Authentication with Tomcat Hi Neil, Use a Location directive in your httpd.conf instead. e.g.: Location /downloads AuthType Basic AuthName FGIC Downloads AuthUserFile d:\apache\apache2

RE: Apache Authentication with Tomcat

http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2 -Original Message- From: Boemio, Neil (GEI, FGI) [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2003 11:59 AM To: Tomcat Users List Subject: RE: Apache Authentication with Tomcat Excellent! This did the trick

Re: Filter for Form Authentication Problem

for authentication. Only minor modifications are made on the original codes so I think it should be fine. What I also did include changing the org/apache/catalina/startup/Authenticators.properties file to add the new authenticator; modifying the server.xml and web.xml accordingly. Furthermore, I added the entries

RE: Apache Authentication with Tomcat

Awesome! Works great now! Thanks a bunch! -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2003 12:03 PM To: 'Tomcat Users List' Subject: RE: Apache Authentication with Tomcat http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w

Re: Apache Authentication with Tomcat

When I remove [uri:/*] from workers2.properties and create a dummy htdocs\downloads directory under apache, the apache authentication works fine. But when I put [uri:/*] back, I do not get prompted for ID/Password. Here is what I have in httpd.conf. Any ideas? Directory d:\Apache\Apache2

Re: Apache Authentication with Tomcat

http://marc.theaimsgroup.com/?l=tomcat-userm=106070071117870w=2 Excellent! Now, when are we going to see an update on the JK2 docs? I'm not expecting a tutorial, just a (complete) list of all the options. I hate digging through the code myself. I know, I can dig through the code, but it is

Filter for Form Authentication Problem

the authentication again. Anybody knows the solution? Another question is how to sepcify the url pattern of j_security_check. My login page is /secured/login.jsp, I think the url should be /secured/j_security_check, am I right? Thanks in advance. - Do you Yahoo

Re: Filter for Form Authentication Problem

to trigger it as I found is to first fill the form and got authenticated, then go back and try the authentication again. Anybody knows the solution? Another question is how to sepcify the url pattern of j_security_check. My login page is /secured/login.jsp, I think the url should be /secured

Re: Filter for Form Authentication Problem

bypassed. The only way to trigger it as I found is to first fill the form and got authenticated, then go back and try the authentication again. Anybody knows the solution? Another question is how to sepcify the url pattern of j_security_check. My login page is /secured/login.jsp, I think

Re: Filter for Form Authentication Problem

Honestly, I personally have no clue with respect to encoding issues. I will be playing with UTF-8 soon but ala, I am stuck in ISO8859-1 for now. But my gut feel is container authentication implementation is purely container dependent. So you'll be stuck with tomcat, or weblogic

Authentication - based on request parameters

I've developed a authentication mechanism on my own because I could not figure out how to make authentication based on some request - parameters. This is what I've implemented: Whenever the user makes a request, the site parameter plus the path is used to figure out whether the user has

<    2   3   4   5   6   7   8   9   10   11   >