tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Obtaining authenticate principal from HttpSession...
Date Tue, 13 May 2003 14:41:13 GMT

It depends on how much control you have over the other application, the
one you're forwarding to.  Does it just need to know that the user has
been authenticated?  If so, a simple flag on the URL or a boolean
session attribute may suffice.

Solutions to this can be much more complicated as well ;)

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Rob Tomlin []
>Sent: Tuesday, May 13, 2003 10:34 AM
>To: Tomcat Users List
>Subject: RE: Obtaining authenticate principal from HttpSession...
>> so your design is flawed
>I can change my design ;-)
>> you can manually stuff the Principal into the session as an attribute
>> if you'd like.
>Is this the only way to do it ?
>I have an client application which is making requests. I want to handle
>and forward them to another server, but as a previously authenticated
>In other cases I have simply used jsessionid in the url to reuse the
>I cannot do this in this specific case.
>My idea was to use the sessoin Id to identify the user, but as you say
>no good.
>Have you any suggestions ?
>Rob Tomlin
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message