tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anil <a...@server.awcoldstream.on.ca>
Subject Re: Programmatic security with servlet mappings in tomcat
Date Tue, 03 Jul 2001 14:53:28 GMT
You can setup a custom login screen and set it up in the tomcat. I am doing
it. and you can access the username and password from session variables
j_username and j_password. also you can access requested link from session.

     <login-config>
                <auth-method>FORM</auth-method>
                <form-login-config>
                      <form-login-page>/LogIn</form-login-page>
                     <form-error-page>/LogIn</form-error-page>
              </form-login-config>
 </login-config>

I like the tomcat login module because it is transparent. I guess you check
the role, roleGroup and set response.sendError(401,..) to redirect user back
to login page if he/she does not have enough previlages.

did I miss anything here??

anil


pete wrote:

> Sure, one is that i want custom login screens, another is that we store
> all our authentication details centrally and query for them via an XML
> data service.
>
> Various user and domain-specific data, including user preferences,roles
> etc. is stored in this repository, not just 'yes, this user has blanket
> access to the site'.
>
> Our permissions-management tools are all written to work with this, so i
> have an existing system i must fit my tomcat-based solutions into here.
>
> I do use tomcat's basic authentication facilities for some unrelated
> services, but for us it makes a lot of sense to centralize
> authentication and preference data this way.
>


Mime
View raw message