tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anil Vijendran <>
Subject Re: [VOTE] The current form-based login implementation in Tomcat 3.1
Date Thu, 06 Apr 2000 06:41:04 GMT
"Craig R. McClanahan" wrote:

> Therefore, I propose the following plan of action:
> * Finish validating that BASIC authentication works,
>   so that we can at least offer that level of container
>   managed authentication support using the
>   "conf/tomcat-users.xml" file.  (I will do this unless
>   someone else wants to focus on it.)


> * Comment out the current code that implements
>   FORM-based authentication, so that no one will
>   run into a partially complete implementation.  This
>   will go on the list of things for the next release.

No need for this. This is a product whose source code is available to users
not just for browsing but also for understanding and begin contributing.
I see something like this as a very likely candidate for people to
understand and try to complete -- good bait for more committers.

As long as the release notes clearly and unambiguously document what the
deal is here -- what it is, how in/complete it is, and what to expect/not
expect out of it -- we're fine.

> * Change the included security example to use
>   BASIC authentication instead of FORM-based
>   authentication, so you can run it out of the box.


> * Document all this in the release notes, so that
>   people will know what to expect.  (By the way,
>   DIGEST and SSL-based authentication are also
>   not yet supported).


Peace, Anil +<:-)

View raw message