hi,David, My aim is that tomcat could authenticate users without promoting any login form. I give out the userID and password in the servlet code. when users navagate the servlet page, they would login to tomcat as that userID identity.
Thanks a lot! Zhu quanxin 2007/9/6, David Delbecq <[EMAIL PROTECTED]>: > Hi, > > Am not sure to understand what you want to do. You want to login user > without requiring it, ever, to authenticate? That seems to me quite > paradoxal. Maybe you should explain a bit more what you try to achieve... > > 朱全鑫 a écrit : > > Hi, > > > > I have already enabled the SSO function in server.xml. It could be > > promoted the challenge once when I visit the first webapp and without > > login to all the webapps in the host. But I do not want any login form > > promoted to users. So my point is, how do I write code in a jsp or > > servlet to auto login to the first webapp without the login-form > > promoted to users. > > For example, in websphere application server, the following code > > could be auto login to the server, If we give the right username and > > password pair. > > > > code begin > > ------------------ > > LoginContext lc = null; > > > > try { > > lc = new LoginContext("WSLogin", > > new WSCallbackHandlerImpl("userName", "password")); > > } catch (LoginException le) { > > System.out.println("Cannot create LoginContext. " + > > le.getMessage()); > > // Insert the error processing code > > } catch(SecurityException se) { > > System.out.println("Cannot create LoginContext." + se.getMessage()); > > // Insert the error processing code > > } > > > > try { > > lc.login(); > > } catch (LoginException le) { > > System.out.println("Fails to create Subject. " + le.getMessage()); > > // Insert the error processing code > > ---------------- > > code end > > > > I do not know if tomcat provide some APIs like the above, and we > > could use the API to programmic login to the tomcat server. and where > > to find the instruction to use the API? > > > > > > Many Thanks! > > Zhu quanxin > > > > > > > > 2007/9/5, David Delbecq <[EMAIL PROTECTED]>: > > > >> http://tomcat.apache.org/tomcat-5.5-doc/config/host.html > >> > >> See section about single-sign. This share credential between webapps. > >> > >> Note: it's not a "programamtic". It just let all your application share > >> a same authentification token. Once you authenticate using J2EE > >> compliant method in application X, it's not necessary to login into > >> other application Y on same host that is also using J2EE compliant > >> authentification mecanism. > >> > >> En l'instant précis du 05/09/07 16:51, 朱全鑫 s'exprimait en ces termes: > >> > >>> hi, everyone > >>> > >>> I meet a problem about programmic login. I setup a tomcat server, > >>> and deploy two WAR files (applications) on it. One of the application > >>> A is protected by server authentication, and the other application B > >>> is not. I want to setup a scenario : when user navigates the > >>> application B, he could programmic login to tomcat using username and > >>> password that is coded in the application of B, and then he > >>> navigates the application A in the same browser, he never needs to > >>> response the challenge promoted by application A. > >>> > >>> I would very appreciate if someone could help me. > >>> > >>> Thanks > >>> > >>> Zhu Quanxin > >>> > >>> --------------------------------------------------------------------- > >>> To start a new topic, e-mail: users@tomcat.apache.org > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> -- > >> http://www.noooxml.org/ > >> > >> > >> --------------------------------------------------------------------- > >> To start a new topic, e-mail: users@tomcat.apache.org > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- 致 礼! 朱全鑫