Return-Path: Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 77406 invoked from network); 4 Dec 2000 20:13:12 -0000 Received: from host-254.vignette.com (HELO imail1.vignette.com) (207.8.7.254) by locus.apache.org with SMTP; 4 Dec 2000 20:13:12 -0000 Received: from vscan.vignette.com (vscan.vignette.com [10.16.1.7]) by imail1.vignette.com (8.10.2/8.10.2) with SMTP id eB4KBtN21402 for ; Mon, 4 Dec 2000 14:11:55 -0600 (CST) Received: FROM imc.vignette.com BY vscan.vignette.com ; Mon Dec 04 14:12:14 2000 -0600 Received: by IMC with Internet Mail Service (5.5.2650.21) id ; Mon, 4 Dec 2000 14:11:22 -0600 Message-ID: From: "Edara, Indira" To: "'tomcat-user@jakarta.apache.org'" Subject: RE: formbased security Date: Mon, 4 Dec 2000 14:10:56 -0600 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N I am using tomcat as standalone webserver. When I send simple GET request I am always getting HTTP 1.0 request back. How do I get HTTP 1.1 response? I am using Tomcat 3.1, I placed jsptest.jsp file under /tomcat/ROOT folder and requesting this file using telnet. Thank you -----Original Message----- From: John de la Garza [mailto:jdelagarza@designinsites.com] Sent: Monday, December 04, 2000 1:45 PM To: tomcat-user@jakarta.apache.org Subject: RE: formbased security Thanks! You've been super helpful, just wanted to let you know I really appreciate it and have got alot out of your quick responses! I normally don't get support this good, even we it is billed at $100 a question. -----Original Message----- From: Craig R. McClanahan [mailto:Craig.McClanahan@eng.sun.com] Sent: Monday, December 04, 2000 11:04 AM To: tomcat-user@jakarta.apache.org Subject: Re: formbased security John de la Garza wrote: > What I meant was how can I never have them see the tomcat login...I want to > validate the manually from my own code? > > I have a web based app that the user must log into...I want log the user in > to tomcat once they are logged into to application. > > What I meant about being asked twice was that they would be asked to login > to my app...then asked once to log into tomcat's thing.. > If you want the user to experience a single login, you need to choose one approach or the other -- either have your application do it all, or have Tomcat do it all. In the former case, your application would need to do it's own checking (on every request) that the user is still logged in, and redirect them to the login page if needed. You would not have an or entries in your web.xml file. For Tomcat-managed security, you would install such directives, and set up your users and roles appropriately (by default in the "conf/tomcat-users.xml" file). You can customize the look and feel of the login page if you choose form-based authentication. See the servlet specification for more information on this. Craig McClanahan