tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abraham Fathman" <afath...@one.net>
Subject RE: Customising the logic behind Container Authentication (j_security_check)
Date Mon, 06 May 2002 04:30:26 GMT
j_security_check should work with all containers. Custom authentication
will work with all containers as long as you don't use any server
specific code (casting an object to a tomcat object...).

Like I said, I am doing custom auth and am quite happy with it.

Abe

-----Original Message-----
From: Joel Baker [mailto:news@news.jb21.net] 
Sent: Sunday, May 05, 2002 11:07 PM
To: tomcat-user@jakarta.apache.org
Subject: Re: Customising the logic behind Container Authentication
(j_security_check)


Abe,

Thanks for that. Other than this apparent lack of flexibility, are there
problems with the j_security_check method? I presume/hope that it is
secure etc (when used through https). Upon reading the servlet spec PDF
I note that the j_security_check method is defined at this level and as
such should work in all containers. Is this the case? I hope I'm right
in assuming that custom authentication should work in all containers as
well.

I will look into custom auth, but not just yet. My attitude towards this
current project is to get each section working before considering
implementing it at a release level. ;)

Cheers for your help,

Joel.

""Abraham Fathman"" <afathman@one.net> wrote in message
news:<013d01c1f3ec$a2bfba30$8a56e20a@pcg>...
| Joel,
|
| I wouldn't use the Security in the spec - ie don't use 
| j_security_check servlet...
|
| Write your own authentication mechanism that will tie into this third 
| party. You can write a filter (as of servlet spec 2.3) that will 
| restrict access to certain url by first redirecting them to a logon 
| page.
|
| Does this make sense? I have written applications that do excatly what

| you are talking about so if it doesn't, respond with what I need to 
| expand on.
|
| Hope I can help!
| Abe
|
| -----Original Message-----
| From: Joel Baker [mailto:news@news.jb21.net]
| Sent: Saturday, May 04, 2002 11:55 PM
| To: tomcat-user@jakarta.apache.org
| Subject: Customising the logic behind Container Authentication
| (j_security_check)
|
|
| Hi there,
|
| The webapp I'm currently developing uses the j_security_check method 
| of authentication. That is, when authentication is required (ie: when 
| a client tries to access a restricted resource) the client gets 
| directed to the file specified in the <form-login-page> tag in my 
| web.xml file - in this case this file is login.jsp. This JSP presents 
| a form to the client whose action is j_security_check, an internal 
| Tomcat servlet (though it is more general than Tomcat, being in the 
| Servlet spec) that processes this response. When the user is 
| authenticated, based on her username and password, by the 
| j_security_check servlet she is returned to the resource she first 
| requested.
|
| However, I am needing to set further login tokens based on the 
| username and password given and am thus looking to somehow intercept 
| the j_security_check servlet - ideally without rewriting it. This is 
| because I am trying to create an authentication token for a third 
| party web application (and thus creating single sign on as the third 
| party web app doesn't use tomcat container authentication) at the same

| time as logging into the main site.
|
| If anyone has any ideas I would be, of course, very grateful.
|
| Joel Baker.
|
|
| --
| To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
| For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
| Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|
|


--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>



--
To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>


Mime
View raw message