tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <>
Subject Re: Tomcat Authentication Nightmare
Date Mon, 30 Jun 2003 14:53:13 GMT

Not sure what you are looking for, but we do this on all of our web apps.  
Users can bookmark the login page all they wish, in fact the login page is 
index.jsp.  They type their username and password in, click submit.  This 
posts to a JSP, the JSP checks against a database, and approves or 
disapproves.  If approves, sets a session variable.  On every other JSP, 
there is a check for the session variable.  If not set, bounce to 

There are probably other much more elegant ways to do it, and probably ways 
to do this built-in to Tomcat, but the method above works for us.

If there's another, more elegant way to do this, I'd love to see an 
explanation of it and the rationale for it.


On Mon, 30 Jun 2003 10:45:41 -0400, Kevin Andryc <> 

> Hi all,
> In a previous project, I decided to use Tomcat authentication and just
> had nightmarish troubles. Telling people they couldn't bookmark the logon
> page just isn't a solution. Plus, many people had serious problems trying 
> to
> login. They would enter in their user name and passwords multiple times, 
> and
> still could not get in. I would honestly say 25-30% of the people had
> problems, which did not reflect well on me. Previously I used Apache
> authentication, but it is just not as flexible as Tomcat, but then again 
> I
> never had a problem with it. I was wondering if there are any suggestions
> for authentication? I don't really want to use Apache for this upcoming
> project and would really prefer a Tomcat-like authentication mechanism 
> where
> I could use a database to hole user names and passwords etc. Any 
> suggestions
> would be appreciated!
> Thanks,
> Kevin
> Kevin Andryc
> Web Systems Engineer
> Phone: (413)-545-3460
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

Using M2, Opera's revolutionary e-mail client:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message