On Wed, Feb 20, 2013 at 10:38 PM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > André, > > On 2/20/13 1:40 PM, André Warnier wrote: > > Andrew Winter wrote: > >> On Wed, Feb 20, 2013 at 5:13 AM, André Warnier <a...@ice-sa.com> > >> wrote: Okay, I have this resolved, now. I went with the FORM > >> authentication method and created a servlet that will create a > >> login screen on an isSecure() connection. For standard HTTP > >> requests I pass over a self submitting form with the credentials > >> included. This will work for the human interfaces and I will > >> just have to deal with any programmatic access problems as I find > >> them. > >> > > You could probably just "force" an authenticated user into Tomcat > > (userPrincipal and that kind of thing) when the connection is > > internal. That would also probably solve your programmatic access > > case. > > Or just use HttpServletRequest.login(String username, String > password). No need to force an actual form. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2.0.17 (Darwin) > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEAREIAAYFAlEllrwACgkQ9CaO5/Lv0PCQeQCfV7OMDpuC7PnQK3pcCVksM5lg > MhcAn1TYFdV+9lXESMxeYOeXcYGrFyXi > =hSIr > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > I have tried the HttpServletRequest.login(String username, String password). I find that it works if I put it in the servlet I made for the FORM login. But it requires a second request to actually reach the page. The first request serves to authenticate only. Is there a way to do this so that I can get to the web app with the same request that does the log in?