tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Java Client and Form-based Authentication
Date Fri, 01 Nov 2002 18:09:09 GMT


On Fri, 1 Nov 2002 jason_simoneau@us.ibm.com wrote:

> Date: Fri, 1 Nov 2002 12:13:45 -0500
> From: jason_simoneau@us.ibm.com
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Java Client and Form-based Authentication
>
>
>
>
>
> Hi,
>
> Is it possible to use a URLConnection to access a servlet that has been
> protected using form-based authentication?  I've seen a couple posts here
> about this but I haven't been able to get any of the suggested approaches
> to work.  Basically I'm wondering if its possible to add the credentials to
> the header and if so, what is the exact format - I've already tried:
>
> mConnection.setRequestProperty("Authorization", "Basic " +
> b64.encode("username:password"));
>

This approach will work for a webapp protected by BASIC authentication.
In fact, that's why Tomcat's manager webapp is set up with BASIC -- to
make it easier for client applications (as opposed to browsers) to
interoperate with it.

For form based authentication, you'd have to program your app to expect
the form login page on the first access to a protected resource, and then
do the appropriate submit to j_security_check.  It's technically feasible,
but is definitely a pain.

> Thanks,
>
> jay
>

Craig


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message