tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Johnsson <>
Subject Re: Authentication with JAAS / Form Autenthication/ "j_security_check"
Date Fri, 28 Nov 2003 00:20:18 GMT
>> i need to add an extra parameter

Well, you cannot do this kind of things without extending the code (as 
you do not stay within the standard servlet security model), so I guess 
it is a question for the development list after all.

Without going into the details of what code to change in what way, I 
want to warn you. You would be modifying your tomcat to support your 
specific application in a very non-standard way. Furthermore, I foresee 
no chance that this modification would make it back into the Tomcat 
trunk. This means that you will forever be burdened with the work of 
adapting this feature to future updates of the Tomcat code.

Taking this into account you might want to stay with the standard model 
even if it does not perfectly match your needs.

Only my humble opinion and advice; freely given, and well meant.

	Dan Johnsson

torsdagen den 27 november 2003 kl 15.19 skrev Andy Armstrong:

> Jose Antonio Chirinos wrote:
>> Hi, i have a web application that use web authentication through 
>> "j_security_check" servlet; i need to add an extra parameter diferent 
>> of "j_password" and "j_username"; i guess that i have to put the 
>> extra parameter in the login form and in the definition of the realm; 
>> but where i have to include the code for the comparation of the new 
>> parameter.
>> Thanks in Advanced.
> This is really one for the Tomcat user's list Jose.
> -- 
> Andy Armstrong, Tagish
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
Dan Johnsson | Säkerhetsarkitekt |
tel 0709 - 15 88 43 | fax 08 - 517 008 29
Omegapoint AB - din säkra punkt i tillvaron

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message