tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From raimee <>
Subject Re: How to setup login based security?
Date Thu, 01 Jun 2000 23:55:48 GMT
> Christoph Kulla wrote:
> Hi,
> my webapplication starts with a form based user login. A database lookup is
> made to check if there is a user account. When the login is successfull an
> user object is inserted in the current session data. All other servlets of my
> webapp should check if these user object exists and if not redirect the
> request to the login form.
> My idea is to implement a check servlet (or a simple class) which
> checks every request to my webapp before the requested servlet is called.
> Is this possible with tomcat or is there any other way to secure my webapp.
> Regards,


How did you make out with the security login problem.  
I have not been able to figure out exactly how to implement a security 
servlet under Apache + Tomcat on an NT machine.  

First I tried to use auth_mod (using htpasswd and the .htaccess
Apache to protect a single servlet context.  I was not able to do this. 
is obviously more to this process that the configuration required for a
stand alone Apache,
and I haven't been able to get it.

I have followed this discussion thread on the mail list with the hope of
solving my problem; "How to set-up login based security."

My Tomcat install will be serving 5 or 6 related-applications using as
many contexts.
The session management will be centralized for ALL apps.; Users can
switch between
applications without having to login each time.  Thus having a wrapper
Security Servlet that dispatches requests to all contexts seams

I would really like to see a small scale example.  I may already have
one and not know it's

Any advise much appreciated.

- Raimee

View raw message