If the app maintains sessions, then the logon page can read the
cookie, install some sort of User bean as a session attribute,
and then all other pages need only check for the presence of a non-
null value under that attribute. This even works for a
logon-optional/remember-me (low security) setting where users can
remain anonymous, but registering and logging in
provides additional services.
Ken Bowen
On Feb 26, 2009, at 5:13 PM, Serge Fonville wrote:
Does Tomcat provide default support in some way to implement a
'remember
me' feature for form based authentication? This should not be
dependent on a
user's browser remembering the username/password, but by a checkbox
you can
check/clear on the logon jsp.
if you google for 'jsp cookie' you will find
http://www.roseindia.net/jsp/jspcookies.shtml
If so, where do I find it? If not, how can I implement it? My guess
is that
I store the user credentials in a cookie, but how do I get every
jsp/servlet
in my application that requires authentication to automatically
retrieve
this and skip authentication? Sounds like a lot of overhead, unless
Tomcat
can take care of it.
In any jsp page you can use include directives and inline java
(scriptlet).
Alternatively you can implement java beans to perform the
authentication
decisions.
Any web application that uses authentication needs to perform these
steps at
every request (page view)
Hope this helps.
Regards,
Serge Fonville
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
