Good Evening All-
The best way is to put up a Jsp / servlet which itself has the
username/password information to let you behind the firewall
There are a ton of https and firewalls you can install and configure to your
hearts content
But none would be more secure and safe than controlling authentication (a
simple username/password) via the servlet
Remember to tell .htaccces to disallow execute write and pretty much read
permissions on everything except for your username/password screen
Martin --
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy. Thank you.
----- Original Message -----
From: "John Caron" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <users@tomcat.apache.org>
Sent: Tuesday, June 27, 2006 9:01 PM
Subject: Programmatic Security
I need to implement fine-grained security access, so it looks to me like
"Programmatic Security" (Servlet spec 12.3) is called for. I want to
recieve the request in my servlet, then decide what access rights are
needed for it.
In this case, if I understand correctly, the "user must already be
authenticated" means that they have tried to access a Tomcat-protected
page (eg a login page), have been successfully authenticated by Tomcat,
and further requests are returning the JSESSION cookie that was assigned
during authentication.
Is that right? Is there some other way the req.getRemoteUser() could
return non-null?
Is there some way that I can programatically trigger Tomcat to initiate
the authentication process?
Thanks for any help...
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]