Hello everybody,
If this is not the appropriate mailing list, please tell me which mailing list
I should use.
I have writte a first jaas login module and it does authenticate users by
logging into an imap server. If the credentials establish a connection and
the inbox can be opened, the login
I tried to use form based authentication with JNDIRealm. What I want to
accomplish is to have the two applications with the same realm be
authenticated once. It seems the tomcat ignored the realm. I have to
login twice. For example: when I login to http://localhost:8080/app1
successfully, then
If i deploy the war file
http://www.onjava.com/onjava/2002/06/12/examples/security-form-based.war
it works fine. If i place a main.html file in the protected folder, i
get and error 404 for the
following:
http://127.0.0.1:8080/security-form-based/protected/main.html
With a different war file (
> From: Oliver Block [mailto:li...@oliver-block.eu]
> Subject: Form-based authentication
>
> But now I do not see how to connect the authentication module
> to a security constraint. I mean, do I have to add every user
> that has an imap account to web.xml?
No, each user wou
Am Samstag, 20. Juni 2009 23:41:11 schrieb Caldarale, Charles R:
> > From: Oliver Block [mailto:li...@oliver-block.eu]
> > Subject: Form-based authentication
> >
> > But now I do not see how to connect the authentication module
> > to a security constraint. I mea
> From: Oliver Block [mailto:li...@oliver-block.eu]
> Subject: Re: Form-based authentication
>
> Are the roles passed to the LoginModule?
No, you hard-code the single role name in the LoginModule, using whatever value
you have in web.xml (currently "User"). You must
Am Sonntag, 21. Juni 2009 01:34:29 schrieb Caldarale, Charles R:
> [...] you hard-code the single role name in the LoginModule, using whatever
> value you have in web.xml (currently "User"). You must have a role class
> that implements Principal and Serializable (in addition to the Principal
> cl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jill,
On 4/22/2009 10:46 AM, Jill Han wrote:
> I tried to use form based authentication with JNDIRealm. What I want to
> accomplish is to have the two applications with the same realm be
> authenticated once. It seems the tomcat ignored the
il 22, 2009 11:11 AM
To: Tomcat Users List
Subject: Re: form based authentication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jill,
On 4/22/2009 10:46 AM, Jill Han wrote:
> I tried to use form based authentication with JNDIRealm. What I want to
> accomplish is to have the two applicatio
> From: Jill Han [mailto:jill@alverno.edu]
> Subject: RE: form based authentication
>
> However, this makes authentication activated only once although the
> applications have different realms.
To quote from the SSO doc:
"All web applications configured for this virtual
plications in the web.xml have different , those
applications need to be authenticated separately.
Those tasks can be achieved if basic authentication as
BASIC
TEST
is used.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Wednesday, Apri
ubject: RE: form based authentication
There is single in server.xml
...
ldap://url:389";
alternateURL="ldap://url:389";
userBase="DC=AC"
userSearch="(sAMAccountName={0})"
userRole
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jill,
On 4/22/2009 3:11 PM, Jill Han wrote:
> What I want to do is all the applications have the same realm config
> in server.xml.
That's not what you said earlier: you said you wanted /certain/
applications to have SSO behavior. SSO works by creati
Hi,
I have written a JAAS LoginModule and use it with FORM based
authentication. Everything works fine, except I can't figure out how to
log a user out. I have tried to invalidate the session and get a new
one. No Dice. I did a search on the source and didn't find much. There
are a
Hi Team,
We are facing some weird issue with tomcat Form based authentication, I will
try to explain the scenario as below:
issue is reproducible in specific conditions, when browser cache is disabled,
and cleared out before session timeout. In this conditions after session
timeout when user
Hi to everyone. I'm developing a JSP application with form-based
authentication (with user data stored in an OpenLDAP directory) running in
Tomcat 5.5. The application has two features: a web portal and a WAP portal.
The file web.xml is configured with the necessary security constraints
> From: John McPeek [mailto:[EMAIL PROTECTED]
> Subject: FORM based authentication LOGOUT
>
> I have tried to invalidate the session and get a new one.
> No Dice.
When you say "No Dice", what actually happens?
All the admin app for Tomcat does is the follo
When I call request.getUserPrincipal(); I still get the Principal back
and I can still call request.isUserInRole( "Foo" ); and get a valid
response for the currently logged in user.
John
From: John McPeek [mailto:[EMAIL PROTECTED]
Subject: FORM based authentication LOGOUT
I hav
sion? It's possible that the request needs to be recycled
(or a new session created) before getUserPrincipal and isUserInRole will
return different values. Just a thought?
-chris
>
> John
>
>>> From: John McPeek [mailto:[EMAIL PROTECTED] Subject: FORM based
>>
dynamically by implementing an
AuthConfigProvider).
Now here are my questions:
1. Is there a possibility to activate the JASPIC provider for only one of the
two applications?
2. OR there is an AuthConfigProvider that could implement the FORM based
authentication.
thanks in advance
Matthias
: issue with Form based authentication
Importance: High
Hi Team,
We are facing some weird issue with tomcat Form based authentication, I will
try to explain the scenario as below:
issue is reproducible in specific conditions, when browser cache is disabled,
and cleared out before session timeout
Thanks and Regards,
Rajendra Rathore
9922701491
From: Rathore, Rajendra
Sent: Thursday, December 30, 2021 4:25 PM
To: users@tomcat.apache.org
Subject: issue with Form based authentication
Importance: High
Hi Team,
We are facing some weird issue with tomcat Form based authentication, I will
try
://docs.google.com/document/d/1Ziojwm6rPvyuJ6rpJR1tu0e5xTfnawrHeLz3QvL28XA/edit?usp=sharing
Thanks and Regards,
Rajendra Rathore
9922701491
From: Rathore, Rajendra
Sent: Thursday, December 30, 2021 4:25 PM
To: users@tomcat.apache.org
Subject: issue with Form based authentication
Importance: High
Hi Team
Hello,
I would like to have an extra field in my form-based login page, but I'm
wondering how I can retrieve the value of that extra field within my
application (request.getParameter("blabla") does not work).
I searched the web and a suggestion was to override authenticate() in
FormAuthenticat
using tomcat´s form-based authentication ("j_username" and
"j_password"), is there any support for "remember me" feature? (saving
encripted password into a cookie and reading it back in the next
visit), or will I have to code myself the a whole new authentication
Okay this is my first try at container based authentication using Realms in
Tomcat. And things have gone wrong. Here is my login page -:
Login
User ID:
Password:
As you can see its as simple as it can get.
Once I click Submit with proper user creds I am suppose to
provider in the
jaspic-providers.xml file limits the JASPIC configuration to a single
web application.
2. OR there is an AuthConfigProvider that could implement the FORM based
authentication.
Not that I am aware of.
Mark
-
To
-Ursprüngliche Nachricht-
Von: Mark Thomas
Gesendet: Montag, 22. November 2021 18:28
An: users@tomcat.apache.org
Betreff: Re: JASPIC Provider for FORM based Authentication
On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hello everyone,
>
> I take up a to
Gesendet: Montag, 22. November 2021 18:28
An: users@tomcat.apache.org
Betreff: Re: JASPIC Provider for FORM based Authentication
On 22/11/2021 12:00, Keil, Matthias (ORISA Software GmbH) wrote:
> Hello everyone,
>
> I take up a topic of my own again. The point there was that I woul
I am not sure if this is a configuration problem, but I can't get the
basic/form-based authentication working on Tomcat 6.0, and couldn't even get
the protected jsp example
(http://localhost:8080/examples/jsp/security/protected) that bundled with the
tomcat distribution.
I&#x
In form based authentication - you have no access to the processor other
than your suggestion of overriding authenticate() in FormAuthenticator.
Depending on the purpose of the field you could always perform a kludge
of setting the 3rd value in a cookie and have a filter check for hte
cookie
ces termes:
> In form based authentication - you have no access to the processor
> other than your suggestion of overriding authenticate() in
> FormAuthenticator.
>
> Depending on the purpose of the field you could always perform a
> kludge of setting the 3rd value in a cookie and h
in that case ... wouldn't the User-Agent header do the trick?
-Tim
dirk ooms wrote:
interesting suggestion, but in my case the extra field is not related to the
username. i would like to have a field where the user indicates on what type
of device he/she works, so we can offer the appropriate
51, Tim Funk s'exprimait en ces termes:
> > In form based authentication - you have no access to the processor
> > other than your suggestion of overriding authenticate() in
> > FormAuthenticator.
> >
> > Depending on the purpose of the field you could always pe
On Thursday 13 December 2007 13:54, Tim Funk wrote:
> in that case ... wouldn't the User-Agent header do the trick?
AFAIK not, the screenwidth is the main thing i want to adapt to and i can have
Firefox/Linux running on a webtablet with 800px screen, but also on a desktop
with 1900px.
>
> -Tim
Providing a separate form to choose layout would be far easier to do and
maintain.
Login form should contains only login informations (cf J2EE specs). If
you want to play with customization of login form that go beyong what is
allowed by j2EE security model, just forget container managed
authenti
[mailto:[EMAIL PROTECTED]
Sent: Thursday, December 13, 2007 5:00 AM
To: users@tomcat.apache.org
Subject: extra field in form-based authentication
Hello,
I would like to have an extra field in my form-based login page, but I'm
wondering how I can retrieve the value of that extra field with
: Thursday, December 13, 2007 6:49 AM
To: users@tomcat.apache.org
Cc: David Delbecq
Subject: Re: extra field in form-based authentication
interesting suggestion, but in my case the extra field is not related to the
username. i would like to have a field where the user indicates on what type
of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
> Login form should contains only login informations (cf J2EE specs).
I agree that login forms should only contain login information, but I
question the J2EE spec's interpretation of what should be considered
login informa
entication?...if you
really mean authentication, it sounds to me like you don't have
something set up correctly...you should be getting a 403 access denied
in both firefox and ie if login fails. Authorization has nothing to do
with form based authentication and would be handled by the contain
bout
> authorization...do yo mean authorization or authentication?...if you
> really mean authentication, it sounds to me like you don't have
> something set up correctly...you should be getting a 403 access denied
> in both firefox and ie if login fails. Authorization has nothi
Nirvann:
> I mean't authorization. Consider a scenario as follows. There are two users,
> admin and user. Consider two pages adminPage.jsp and userPage.jsp. Admin has
> rights to both the pages but user can access only userPage.jsp. Lets assume
> that the user logs in as user (not admin) and acces
I would also google "making internet explorer display your error page"
...this is something I learned in the "apache cookbook"...IE will
display it's own error message if your error page isn't at least 512
bytes...anyway you might want to research this a little
Did you define a custom 403 page? Ar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nirvann,
On 10/20/2009 2:50 AM, Nirvann wrote:
> The first thing is what mechanism can be used to handle authorization
> errors. For authentication we have control of jsp pages (Login and Login
> error pages). But there is nothing to let users know th
On Tue, Oct 20, 2009 at 10:55 AM, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Nirvann,
>
> On 10/20/2009 2:50 AM, Nirvann wrote:
>> The first thing is what mechanism can be used to handle authorization
>> errors. For authentication we have control of jsp pages
.
regards,
nirvan.
--
View this message in context:
http://www.nabble.com/doubts-about-tomcat-form-based-authentication-tp25970503p25984106.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail
page in web.xml file but the page was not at proper
> location. Hence I was getting 404 file not found. Now I can access the role
> error page for authorization error. Thanks a lot for all your insights.
>
> regards,
> nirvan.
> --
> View this message in context:
>
Hello everyone,
is there a way to do FORM based authentication in tomcat
but with MD5 encrypted password ?
thanks
Hi,
I have an application using form based authentication. Is it possible to use
the same form as a "stand-alone" login screen? Default, if you enter the url of
the form manually (or get it from your browser's history) and you submit it,
you get an error message. You always h
Is it correct to say that you lose the ability to have single-sign on across
multiple contexts if you go with a custom login solution (e.g. checking
login form fields in a servlet and, if correct, setting a “login” session
attribute to true) as opposed to standard form-based authentication?
How
Leonardo Kenji Shikida wrote:
> using tomcat´s form-based authentication ("j_username" and
> "j_password"), is there any support for "remember me" feature? (saving
> encripted password into a cookie and reading it back in the next
> visit), or
too bad. resin has this
On 1/18/06, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Leonardo Kenji Shikida wrote:
> > using tomcat´s form-based authentication ("j_username" and
> > "j_password"), is there any support for "remember me" feature? (saving
Hello,
I'm having problems getting the form-based authentication example that
ships with Tomcat 6 to work properly.
I have followed all the instructions at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
to make the form authentication example using MemoryRealm to work for
On 29/08/2015 22:16, Sreyan Chakravarty wrote:
> Okay this is my first try at container based authentication using Realms in
> Tomcat. And things have gone wrong. Here is my login page -:
> My web.xml security configuration is -:
>
>
>
> TECHERS
> /teacher/suc
I don't understand where did I request the login page directly ? I just put
as index.jsp and and the error page as
index.jsp?error=true.
So where is my error ?
On Sun, Aug 30, 2015 at 9:54 PM, Mark Thomas wrote:
> On 29/08/2015 22:16, Sreyan Chakravarty wrote:
> > Okay this is my first try at
On 31/08/2015 07:00, Sreyan Chakravarty wrote:
> I don't understand where did I request the login page directly ? I just put
> as index.jsp and and the error page as
> index.jsp?error=true.
>
> So where is my error ?
Did you request '/teacher/success.jsp' ? No, you did not.
Did you request '/in
Wait I am sure I am going wrong in a fundamental area.
My security constraint is as follow-:
TECHERS
/teacher/success.jsp
GET
POST
TEACHER
FORM
/index.jsp
> From: Sreyan Chakravarty [mailto:sreyan.mail...@gmail.com]
> Subject: Re: HTTP 400 with Form based authentication
> My security constraint is as follow-:
>
> FORM
>
> /index.jsp
> /index.jsp?error=true
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 12:34 PM, Sreyan Chakravarty wrote:
> Wait I am sure I am going wrong in a fundamental area.
>
> My security constraint is as follow-:
>
>
> TECHERS
> /teacher/success.jsp
> GET POST
>
>
> TEACHER
>
>
> FORM
> /i
First of all I did read the Servlet Spec, it provided no hint as to what I
was doing wrong.
So you are saying that I can't have a login form on the page when the
welcome page ? Why not ? Tons of site have just that, like Twitter and
Facebook. It seems weird why I can't have it on my welcome page.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 1:39 PM, Sreyan Chakravarty wrote:
> First of all I did read the Servlet Spec, it provided no hint as to
> what I was doing wrong.
>
> So you are saying that I can't have a login form on the page when
> the welcome page ? Why not
On 31/08/2015 18:49, Christopher Schultz wrote:
> Really the only thing the servlet spec is missing is a setting in
> like or something like that, so
> that if you try to login with j_security_check and you hadn't already
> requested a protected resource, the container knows where to send the
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 8/31/15 2:01 PM, Mark Thomas wrote:
> On 31/08/2015 18:49, Christopher Schultz wrote:
>
>> Really the only thing the servlet spec is missing is a setting
>> in like or something like
>> that, so that if you try to login with j_security_c
Well Christopher thanks for that eye opener. I didn't know that the specs
were so inconsistent.
Okay now regarding your comment-:
"Servlet 3.0 added the HttpServletRequest.login() method would improved
the situation greatly: you can implement your own login handler that
plugs-into the authenticat
Ok I found FormAuthenticator and landingPage attribute in it in the source.
But how do I use that in my application ? What do I do ?
Any documentation for this ?
On Tue, Sep 1, 2015 at 12:46 AM, Sreyan Chakravarty <
sreyan.mail...@gmail.com> wrote:
> Well Christopher thanks for that eye opener.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 3:16 PM, Sreyan Chakravarty wrote:
> Well Christopher thanks for that eye opener. I didn't know that the
> specs were so inconsistent.
They aren't inconsistent... it's just that they don't cover a popular
use case. Remember that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 8/31/15 3:20 PM, Sreyan Chakravarty wrote:
> Ok I found FormAuthenticator and landingPage attribute in it in the
> source.
You shouldn't need to look at the source.
> But how do I use that in my application ? What do I do ?
You configu
I did what you said. That is pointing the web browser to a protected
resource without authentication and then logging in. It works perfectly IF
AND ONLY IF the credentials are ABSOLUTELY correct. Otherwise I am getting
undefined behavior an thats where I need your help now.
First-: If I provide an
Hi.
I have notv really followed this thread from the beginning, but maybe I can contribute
something here..
On 07.09.2015 15:56, Sreyan Chakravarty wrote:
..
Also can I webapp have different realms ? If so how do you distinguish them
? I was looking at the RealmBase source and I haven't noti
Yes but what happens when the user passes a user-id that is not present in
the DB. Or a password that is incorrect. How would the server handle that ?
If I pass an incorrect user I am getting a NPE. And if I pass an invalid
password but a valid user a am not being redirected to the form-login-erro
I have found the cause of the problem. It seems that there is no null
checking in the DataSourceRealm in Tomcat. What I mean is that if a
particular user does not exist in the database and is credentials are
returned as a null string then no null checking is specified.
I would like to open this as
I have found the cause of the problem. It seems that there is no null
checking in the DataSourceRealm in Tomcat. What I mean is that if a
particular user does not exist in the database and is credentials are
returned as a null string then no null checking is specified.
I would like to open this as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/7/15 9:56 AM, Sreyan Chakravarty wrote:
> I did what you said. That is pointing the web browser to a
> protected resource without authentication and then logging in. It
> works perfectly IF AND ONLY IF the credentials are ABSOLUTELY
> c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/7/15 2:17 PM, Sreyan Chakravarty wrote:
> I have found the cause of the problem. It seems that there is no
> null checking in the DataSourceRealm in Tomcat. What I mean is that
> if a particular user does not exist in the database and i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/9/15 9:45 AM, Christopher Schultz wrote:
> On 9/7/15 2:17 PM, Sreyan Chakravarty wrote:
>> I have found the cause of the problem. It seems that there is no
>> null checking in the DataSourceRealm in Tomcat. What I mean is
>> that if a
Okay can you please guide me on how to log the bug. That would be great. If
possible you could do it yourself also.
And as far as opinions go I really don't know. The whole process of Realms
seem confusing to me and its overtly complicated.
Thanks for testing out the issue.
On Wed, Sep 9, 2015 a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Sreyan,
On 9/9/15 12:49 PM, Sreyan Chakravarty wrote:
> Okay can you please guide me on how to log the bug. That would be
> great. If possible you could do it yourself also.
1. Register for Bugzilla at bz.apache.org
2. Fill-out this form:
https:
provider in the
jaspic-providers.xml file limits the JASPIC configuration to a single web
application.
2. OR there is an AuthConfigProvider that could implement the FORM based
authentication.
Not that I am aware of.
Mark
Mark,
On 12/3/21 05:29, Mark Thomas wrote:
On 03/12/2021 10:00, Keil, Matthias (ORISA Software GmbH) wrote:
Hi Mark, sorry for the late reply. Unfortunately I was sick.
Thanks for your advice. The error was in front of the computer 😉. I
had misspelled the context path in the appContext
Now
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nicholas,
On 2/11/2010 3:19 PM, Nicholas Duan wrote:
> I am not sure if this is a configuration problem, but I can't get the
> basic/form-based authentication working on Tomcat 6.0, and couldn't
> even get the protected
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nicholas,
On 2/11/2010 3:19 PM, Nicholas Duan wrote:
I am not sure if this is a configuration problem, but I can't get the
basic/form-based authentication working on Tomcat 6.0, and couldn't
even get the pro
reply with your machine
and JDK configuration. Thanks!
ND
- Original Message -
From: André Warnier
Date: Thursday, February 11, 2010 3:26 pm
Subject: Re: Basic/Form-based authentication with Tomat 6.0
> Christopher Schultz wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> From: Nicholas Duan [mailto:nd...@gmu.edu]
> Subject: Re: Basic/Form-based authentication with Tomat 6.0
>
> If my server caught fire, I would be calling 911 instead of asking for
> help here...
Despite your protestations, you still haven't told us what *does* happen when
On 07/12/2010 11:14, mike lan wrote:
Hello everyone,
is there a way to do FORM based authentication in tomcat
but with MD5 encrypted password ?
Yes. Read the realm docs for details.
Mark
-
To unsubscribe, e-mail: users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Charl,
Charl Gerber wrote:
> I have an application using form based authentication. Is it possible
> to use the same form as a "stand-alone" login screen?
Tomcat does not allow this use case because it is not covered by the
servl
You could call the authenticate()-method from Tomcat's FormAuthenticator:
http://tomcat.apache.org/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/authenticator/FormAuthenticator.html#authenticate(org.apache.catalina.HttpRequest,%20org.apache.catalina.HttpResponse,%20org.apache.catalina.depl
mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a10785065
Sent from the Tomcat - User mailing list archive at Nabble.com.
--
in $CATALINA_HOME/server/lib/catalina.jar there's a file "catalina.properties".
There your will find the following entries:
BASIC=org.apache.catalina.authenticator.BasicAuthenticator
CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator
DIGEST=org.apache.catalina.authenticator.DigestAuth
ca.dfn.de:11371
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
Well, subclassing FormAuthenticator would be a hack, a
Tomcat-only-solution and inho a bad one.
therefore, take a look at JAASRealm and try to combine it with your
existing login-procedure, meaning
- Implement a JAASRealm
- get the credentials from there (user, password)
- do the JAAS-Authentica
Gregor Schneider wrote:
Well, subclassing FormAuthenticator would be a hack, a
Tomcat-only-solution and inho a bad one.
therefore, take a look at JAASRealm and try to combine it with your
existing login-procedure, meaning
- Implement a JAASRealm
- get the credentials from there (user, password)
at least you've saved *half* of the time ;)
cheers
greg
--
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To start a new to
---
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in co
well, we can't tell you the whole desigh of your_app-to-be but gave
you some starting-points. now it's up to you to use them.
however, i do not see any sense at all passing more tha two
credentials (user, pass) to authenticate
therefore, i suggest first thing you should do is to re-think the
Is there anyway to allow both client-cert authentication and form-based
authentication to work together in Tomcat? or J2EE web servers in
general?
I'd like to have users to log in to an web app using either user cert or
username/password. If a user doesn't have a cert, the login page
to re-think the
> design of your application.
--
View this message in context:
http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a12374143
Sent from the Tomcat - User mailing list archive at Nabble.com.
--
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lb,
lightbulb432 wrote:
> The requirement doesn't accept having two tables (i.e. userTableA and
> userTableB), partly because increased maintenance, the possibility of table
> definitions going out of sync, etc.
CREATE VIEW, anyone?
- -chris
-B
dev.org
>
> iD8DBQFG1sVh9CaO5/Lv0PARAjCcAJ4gF601g5wChd1FQ1TodzPjKuQmpACgsEqq
> nD8wKTUJVWYkc5eGnA/mXt8=
> =FMuk
> -END PGP SIGNATURE-
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For addit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lb,
lightbulb432 wrote:
> Views would definitely allow me to keep the two tables separate, but then I'd
> have to authenticate against the two source tables separately (i.e. each
> application would point to the source table rather than to the view).
appId="application-1" />
>
> Just make sure you have setAppId and getAppId methods on your Realm
> implementation, and then use them when you build your SQL query to
> verify a login.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG
1 - 100 of 169 matches
Mail list logo
