how do you authenticate ? basic ? form based ?
- Original Message -
From: Torsten Rmer [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Thursday, June 16, 2005 11:42 PM
Subject: Container Managed Security and mod_jk/Static Contents
Hello!
In order to
Sorry, should have mentioned that. Using form based authentication.
Gurumoorthy schrieb:
how do you authenticate ? basic ? form based ?
- Original Message -
From: Torsten Rmer [EMAIL PROTECTED]
To: Tomcat Users List tomcat-user@jakarta.apache.org
Sent: Thursday, June 16, 2005 11:42 PM
Use LDAP Based authentication ... I have this working very nicely only our
servers
Read JNDI Realm topic of tomcat
Gurus
- Original Message -
From: Bjørn T Johansen [EMAIL PROTECTED]
To: 'Tomcat Users List' tomcat-user@jakarta.apache.org
Sent: Thursday, April 07, 2005 7:05 AM
Subject:
That doesn't help with my problem, does it? I need to create a session object
when
a user logs in, is this possible?
BTJ
Gurumoorthy wrote:
Use LDAP Based authentication ... I have this working very nicely only our
servers
Read JNDI Realm topic of tomcat
Gurus
- Original Message -
javax.servlet.http.SessionListener
For a summary, read the javadocs. For full details read the spec.
Mark
Bjørn T Johansen wrote:
I have a small question... I am used to providing my own authentication system
when
developing web systems, but I am now looking into providing container based
Opps. Typo. That should be:
javax.servlet.http.HttpSessionListener
Mark Thomas wrote:
javax.servlet.http.SessionListener
For a summary, read the javadocs. For full details read the spec.
Mark
Bjørn T Johansen wrote:
I have a small question... I am used to providing my own
authentication system
That seems to be what I am looking for
I will look into this... Thx... :)
BTJ
Mark Thomas wrote:
Opps. Typo. That should be:
javax.servlet.http.HttpSessionListener
Mark Thomas wrote:
javax.servlet.http.SessionListener
For a summary, read the javadocs. For full details read the
It sounds like you'll need to create your own realm. You might be able to
extend JNDIRealm.
You cannot run filters on /j_security_check. The spec says so. Websphere
might allow it - but tomcat doesn't.
-Tim
[EMAIL PROTECTED] wrote:
Thanks Tim Funk for the quick answer,
In FormAuthenticator there is a line:
principal =
context.getRealm().authenticate(username, password);
It returns an
interface java.security.Principal
The Principal stores the username (uid), not the password
http://issues.apache.org/bugzilla/show_bug.cgi?id=21795
You can always write your own Realm which creates your own custom Principal
which can store the password in it. This does require some casting but not
uncommon.
-Tim
[EMAIL PROTECTED] wrote:
Thanks Tim Funk for the quick answer,
In
Thanks again Tim Funk. Your answer is another solution I didn't think of
and it sounds standard conform and secure and clean to me.
I'll develop my own JNDIRealm / JAASRealm and my own
Principal, so I get not only the name and roles of the user out of the
directory
but every other information
On Thu, Jul 08, 2004 at 11:19:39PM -0500, Steve Luzynski wrote:
: Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
: implement container managed security.
:
: [snip: deployment descriptor]
:
: When I try to hit a url like
: http://localhost:9006/IPBoss/add/add_network.html,
On Jul 9, 2004, at 8:11 AM, QM wrote:
On Thu, Jul 08, 2004 at 11:19:39PM -0500, Steve Luzynski wrote:
: Using Tomcat 5.0.25 on Mac OS X (10.3.4 specifically). Trying to
: implement container managed security.
:
: [snip: deployment descriptor]
:
: When I try to hit a url like
:
Have you tried adding http-method/ elements to
web-resource-collection ?
web-resource-collection
http-methodHEAD/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
http-methodDELETE/http-method
/web-resource-collection
On Jul 9, 2004, at 12:40 PM, Robert F. Hall wrote:
Have you tried adding http-method/ elements to
web-resource-collection ?
web-resource-collection
http-methodHEAD/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
On Fri, Jul 09, 2004 at 03:20:39PM -0500, Steve Luzynski wrote:
: Is there some logging or debugging I can turn on? The stock logs aren't
: showing me anything other than just a normal access to the resources
: that I'm wanting to protect.
Another silly question, then: what's the deployed
On Jul 9, 2004, at 5:52 PM, QM wrote:
On Fri, Jul 09, 2004 at 03:20:39PM -0500, Steve Luzynski wrote:
: Is there some logging or debugging I can turn on? The stock logs
aren't
: showing me anything other than just a normal access to the resources
: that I'm wanting to protect.
Another silly
Steve Luzynski [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Jul 9, 2004, at 12:40 PM, Robert F. Hall wrote:
Have you tried adding http-method/ elements to
web-resource-collection ?
web-resource-collection
http-methodHEAD/http-method
Howdy,
App1 and App2 can have completely separate realms. Read the Realm
configuration reference.
Yoav Shapira
Millennium ChemInformatics
-Original Message-
From: Stephen Ting [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 22, 2003 11:17 PM
To: [EMAIL PROTECTED]; 'Jboss Mailing List'
Miles Daffin wrote:
Hi,TC
version: 3.1Java version:
"1.3.0-C"OS: Win 2000 (SP
1)Has anyone else
tested the Example Basic Authentication Area (see TOMCAT_HOME\readme.txt)
in the example web app?I
placed an index.html in '/examples/jsp/security/protected' directory and
tried the following
20 matches
Mail list logo