tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Tulley" <>
Subject [proposal] make parameters available to the login form
Date Fri, 04 Apr 2003 01:24:11 GMT
One more proposal regarding form-based authentication:
Right now, if you submit a form to a secured page, and have not
authenticated, you are redirected to a login page.  Any form parameters
that you have submitted are not available to the login page.  For a
seamless / single sign on experience, it would be nice if the submitter
could supply "j_username" and "j_password" and have the form decide if
it wants to pick up and use that information for immediate
authentication.  Right now the only form of SingleSignon available is
through cookies.  If the calling application has valid credentials, it
should be able to authenticate with the container.

I cannot see what part of the spec that this violates, but I very well
could be missing something.

Also, am I simply missing a better way to do this?  We have an
application where the user has already been authenticated and this same
user is authorized to use Tomcat's manager and admin applications. 
Tomcat is using the same type of realm, so the credentials pass over
directly.  It would be nice to provide seamless operation between all of
these web applications using standard Tomcat.

Is this possible?  We've made the code changes to make all of this
happen as decribed in the first paragraph, but we want to be sure that
this is a good thing to do, and if so, get our changes submitted back to
Tomcat itself.  (not wanting to patch them in every time Tomcat is
re-released at which time we'll bag our current solution for a
filter-based one).


Jeff Tulley  (
Novell, Inc., The Leading Provider of Net Business Solutions

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message