tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Peeters <johan.peet...@alcatel.be>
Subject FORM-based authentication
Date Tue, 05 Sep 2000 14:48:43 GMT
I experimented with (from web.xml)

 <!-- Security configuration -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <url-pattern>*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>operator</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Login configuration uses FORM authentication -->
 <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
       <form-error-page>/accessRefused.jsp</form-error-page>
    </form-login-config>
    <realm-name>Payment Server Management</realm-name>
  </login-config>

with Tomcat 3.2b3. But, no dice - the logon page is not served. Do I
take it that Form-based authentication has not been implemented yet? I
gathered from a mail from Craig McClanahan in the Struts mailing list
that Catalina had implemented it. What is the relationship between
Catalina and Tomcat? When can an implementation of form-based
authentication be expected in Tomcat?
I am particularly interested in form-based authentication because of the
claim that authentication would be session-based. Am I right in thinking
that the servlet spec leaves it open whether authentication would be
session-based or not?  I.e. a downside of relying on form-based
authentication's session-based nature would be that this behaviour would
not necessarily be guaranteed on other servlet containers?
Is the servlet spec's form-based authentication mapped to http
authentication, as the BASIC authentication is, or is the authentication
mechanism servlet container-specific?

A whole lot of questions - I would be glad to even only have some
answered. Maybe I should ask some of them on a mailing list on the
servlet specs...

Many Thanks,

Yo
--
Johan Peeters mailto:johan.peeters@alcatel.be
Software Architect - Net Commerce
Alcatel - Gen. De Wittelaan 11 A bus 1 - 2800 Mechelen - Belgium
Phone: +32 15 29 3427 Fax: +32 3 240 4800



Mime
View raw message