tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RE: Authentication hook?
Date Sat, 08 Apr 2000 10:16:49 GMT
Craig wrote:
> There are two levels at which a servlet container can help you with
> authentication, as described in the servlet 2.2 spec:
> * At the per-web-application level...
> * At the per-container level.  The spec talks (Section 11.6) 
> about containers
>   managing authentication information at the per-container 
> level, so you can
>   sign on once for all the apps hosted within this container. 
>  This sounds to me
>   like what you need for your portal requirement -- is that right?

If the per-container level authentication is still limited to a session time
frame then this is not quite what I am looking for. What I am looking for is
a mechanism where the user must login in the first time but later on the
autentication is done automatically without user intervention. Since cookies
may not be a good solution because of terminal side limitations I am not
sure what to use. I have a few ideas however (1 and 3 can be combined):

1. Retrieve unique terminal ID from terminal (maybe in user agent field).
2. Request terminal for userid and password.
   This could be done using an applet or some (ISRF-based) communication
3. Request access server if user is logged in.

In all these cases I need to hook in to existing autentication mechanism on
web server and perform my own special authentication. 

> Of course, if 
> you'd like to help
> us make this work by contributing code, we'd like that too :-).

I would have loved to but I don't know where to squeeze it in!


View raw message