I think that most of the responses I've seen here to the original question are missing the point.
I understand the question as he's wondering whether or not you could programatically authenticate a user, such that the container would then recognize the user as being authenticated and not require another login when viewing pages designated as protected by the container. The solutions that people are pointing out are simple "roll your own" authentication solutions that are completely independent of declarative (container-managed) security. Tim --- Joel Rees <[EMAIL PROTECTED]> wrote: > Vladimir Vanyukov asked > > > > I have seen this question here many times and have > seen many answers but > > most of them never really ANSWERED the question. > So I figured I'd ask > > one more time. Is there anyway to programmatically > authenticate users? > > Is there any way for a computer to recognize the > person operating it? Nope. > So the next best thing is passwords. (Or retinal > imprints, which are a fancy > sort of password with fewer problems.) > > If the password is never put on the network, there > is no way for the > password to be stolen from the network. You only > have to worry about the > likes of trojan horses and non-descript vans on the > street outside with > expensive telemetry equipment that can interpret > noise from your keyboard, > etc. > > If the password gets out on the network, it can be > observed. > > > Example: > > If I have s simple username/password form > somewhere on an unprotected > > page, how do I use that information (assuming the > user filled it out and > > submitted it) to allow him to view protected > pages? > > Unless I am totally confused, you don't. > > You let him/her connect to a "secured" page (https) > to login. The login page > works with the browser to encrypt things like > passwords before they are put > on the network. That way, you don't have to worry as > much about whether the > password is observed, because you can be fairly > confident that the observer > can't read it. (If you set things up well.) > > And you don't let him/her proceed from the login > page unless he/she supplies > a valid password. > > Now, if I have this description wrong, will someone > who really knows please > correct me? There ought to be a page somewhere in > the on-line docs that > tells you how to have Tomcat negotiate this stuff > for you. I wonder where > that could be? Hmm. This looks kind of promising: > > http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html > > Joel Rees > Alps Giken Kansai Systems Develoment > Suita, Osaka > > > > > -- > To unsubscribe: > <mailto:[EMAIL PROTECTED]> > For additional commands: > <mailto:[EMAIL PROTECTED]> > Troubles with the list: > <mailto:[EMAIL PROTECTED]> > __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
