tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johan Peeters <>
Subject FORM-based authentication
Date Tue, 05 Sep 2000 14:48:43 GMT
I experimented with (from web.xml)

 <!-- Security configuration -->
      <web-resource-name>Protected Area</web-resource-name>

  <!-- Login configuration uses FORM authentication -->
    <realm-name>Payment Server Management</realm-name>

with Tomcat 3.2b3. But, no dice - the logon page is not served. Do I
take it that Form-based authentication has not been implemented yet? I
gathered from a mail from Craig McClanahan in the Struts mailing list
that Catalina had implemented it. What is the relationship between
Catalina and Tomcat? When can an implementation of form-based
authentication be expected in Tomcat?
I am particularly interested in form-based authentication because of the
claim that authentication would be session-based. Am I right in thinking
that the servlet spec leaves it open whether authentication would be
session-based or not?  I.e. a downside of relying on form-based
authentication's session-based nature would be that this behaviour would
not necessarily be guaranteed on other servlet containers?
Is the servlet spec's form-based authentication mapped to http
authentication, as the BASIC authentication is, or is the authentication
mechanism servlet container-specific?

A whole lot of questions - I would be glad to even only have some
answered. Maybe I should ask some of them on a mailing list on the
servlet specs...

Many Thanks,

Johan Peeters
Software Architect - Net Commerce
Alcatel - Gen. De Wittelaan 11 A bus 1 - 2800 Mechelen - Belgium
Phone: +32 15 29 3427 Fax: +32 3 240 4800

View raw message