tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kenneth topp <cau...@prodigy.net>
Subject Re: Sharing sessions across contexts?
Date Sat, 07 Oct 2000 03:33:41 GMT

On Fri, 6 Oct 2000, Craig R. McClanahan wrote:

> kenneth topp wrote:
> 
> > this is just an implementation of http authentication of rfc2617, no?
> >
> 
> I forgot to mention that Tomcat 4.0 supports all four login methods
> described in the servlet spec:

I need to read this spec!

> 
> * HTTP BASIC (from RFC2617)
> * HTTP DIGEST (also from RFC2617, does not send passwords
>   in cleartext across the network)

I don't think any used browsers support this yet.

> * Form-Based Login (from the servlet spec)

This sounds cool.  Just read the spec.  I'm not sure how you can (on
successful login) _redirect_ the user to the orginal stored URL with
request parameters intact.  I'm guessing that it will always stay the same
URL.  I don't think I solved redirecting browsers from request's stuffed
with POST data, and keeping them.  I guess the servlet container could
always play tricks (storing the data in the server, and feeding them into
the request on success).  Cannot wait to see the code for this.

> * SSL client certificate authentication

Nice.

I'm still struggling with how to merge these authentication systems with
the simple authorization schemes they tend to insist upon (ie: user can or
cannot do, based on the name or their group).

Well, anyway, thanks for the update!

Kenneth Topp


Mime
View raw message