Thanks for the quick reply.
Although this might work for BASIC authentication, we need to use FORM
authentication so that the UI (which is 90% of our user access) can be
validated properly (i.e., with nice forms, etc). Is it possible that your
suggestion might work even though we are set for FORM authentication? Or
can we configure Tomcat to use different authentication types for
different URLs?
Thanks.
Jonathan.
Jacob Kjome <[EMAIL PROTECTED]>
03/22/2004 02:17 PM
Please respond to "Tomcat Users List"
To: Tomcat Users List <[EMAIL PROTECTED]>
cc:
Subject: Re: Login by parameters (no prompts)
Well, if it were BASIC Auth, then you'd just do this (over SSL, of course,
to
hide the clear text username/password)...
https://myusername:[EMAIL PROTECTED]
If the username and password are valid, there will be no prompt for
username or
password. You'll get right to the resource.
Jake
Quoting [EMAIL PROTECTED]:
> The application we are building allows file downloads from our UI.
> However, we also want users to be able to download these files using
WGET
> from a command-line (perhaps as part of a script), like this:
>
> WGET 192.168.1.1/do/download?id=1
>
> However, these file downloads are subject to authentication and should
be
> restricted to certain user roles.
>
> We have already implemented a JDBCRealm and everything works very well
> within the UI. The problem is that we can't figure out how to get Tomcat
> to invoke authentication without a prompt. At first, we thought that
> adding "j_username" and "j_password" as part of the URL might do the
> trick. No such luck. We looked through the documentation and couldn't
> find any suggestions (unless we missed something along the way).
>
> What we want to be able to do is have the user provide the username and
> password as part of the URL, like this:
>
> WGET 192.168.1.1/do/download?id=1&username=bob&password=secret
>
> I know that we could always extend Tomcat with our own code, but I'd
> really like to avoid having to do that. I haven't been allowing any
> platform-specific code into the product and I don't want to start now.
The
> use of a JDBCRealm was a compromise that was supposed to reduce the
coding
> effort. Please tell me that there is a way around this issue that
doesn't
> require coding Tomcat extensions.
>
> Thanks for any help you guys might be able to give me.
> Jonathan.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
