I'm not sure I understand exactly what you want to do.  Do you want to
handle a login request on the server, or send an HTTP authentication header
from a client?

If you want to handle a login request on the server, consider that Tomcat is
being accessed by HTTP, which has a reasonably well defined technique for
handling authentication. By allowing Tomcat to handle authentication, when
you access a web application, Tomcat will send your browser, application or
applet a security challenge that is typically handled by a login dialog. You
can use any of the Tomcat authorization schemes
(basic/form/digest/certificate) to manage the authentication.  For BASIC and
DIGEST authentication (for example) your web browser will handle subsequent
authorization challenges transparently (since HTTP is stateless you must
authenticate with each access to a protected page).

I think "rolling your own" authentication scheme would likely be
unnecessarily complex and error prone, involving both authentication and
session tracking.  One would think that the various authentication schemes
(basic/etc.) and three security realms (memory, JDBC and JNDI) would be able
to handle this task in a more robust way.

If you want to pass a basic authentication header from a Java client (or any
other client) it is relatively easy.  I have implemented a client that sent
a basic auth header in Python and it is essentially just concatenating the user
name and password and base64 encoding it (make sure that your server is
expecting an authenticated request or you might not see the auth user).  I
think the O'Reilly servlet classes implement setting the basic
authentication header in their servlet package (see www.servlets.com).

hope this helps,
dennis. 

 

>> -----Original Message-----
>> From: Sergei Batiuk [mailto:[EMAIL PROTECTED]]
>> Sent: Friday, January 04, 2002 14:48
>> To: Tomcat Users List
>> Subject: RE: Programmatic login with Tomcat 4.0.1
>> 
>> 
>> Well, but what about programmatic login, i. e. something like
>> 
>>   Context ctx = new InitialContext();
>>   UserManager um = ( UserManager )ctx.lookup( "java:comp/UserManager" );
>>   um.login( login, password );
>> 
>> Does Tomcat have an API similar to this? The thing is I have a login form on
>> my first page, where a user should login to access protected functions (they
>> are not displayed by default, and become available only after a user has
>> logged in).
>> 
>> -----Original Message-----
>> From: Ing. Gabriel Gajdos [mailto:[EMAIL PROTECTED]]
>> Sent: Friday, January 04, 2002 3:24 PM
>> To: [EMAIL PROTECTED]
>> Subject: RE: Programmatic login with Tomcat 4.0.1
>> 
>> 
>> If you use BASIC authentication, user/password are contained in the
>> "Authorization" HTTP 1.1 Header (in Base64 encoded form).
>> Never tried, but should work when supplying correct data into your HTTP
>> request (including headers).
>> 
>> | How do I programmatically login into TC 4.0.1?
>> |
>> | Sincerely,
>> | Sergei Batiuk.
>> 
>> 
>> --
>> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
>> For additional commands: <mailto:[EMAIL PROTECTED]>
>> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>> 
>> 
>> 
>> 

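The Basic header construction described in the reply above, together with the matching server-side decode, as an added example that is not code from this thread or from Tomcat. The function names, the sample URL and the credentials are constructed for illustration; the decode step shows that base64 is reversible, so the header is only as private as the transport that carries it.

```python
import base64
import binascii
import urllib.parse
import urllib.request


def basic_auth_header(username, password):
    """Return the Authorization header value for HTTP Basic authentication."""
    if ":" in username:
        # The server splits on the first colon, so a colon in the user
        # name would shift part of it into the password.
        raise ValueError("user name must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_auth(header_value):
    """Server-side view: return (user, password), or None if malformed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password  # the password may itself contain colons


def build_request(url, username, password, allow_plaintext=False):
    """Build (but do not send) a request carrying the Basic header."""
    if urllib.parse.urlsplit(url).scheme != "https" and not allow_plaintext:
        # Base64 is an encoding, not encryption: over plain HTTP the
        # credentials are readable by anyone on the path.
        raise ValueError("refusing to send Basic credentials without TLS")
    header = basic_auth_header(username, password)
    return urllib.request.Request(url, headers={"Authorization": header})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_request("https://tomcat.example.test/app/protected",
                        "sergei", "s3cret:pw")
    print(req.get_header("Authorization"))
    print(parse_basic_auth(req.get_header("Authorization")))
```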