tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: Authentication strategies
Date Mon, 15 Sep 2003 10:50:28 GMT
This is 2 different questions.

Can I use LDAP for AUthentication. Yes - via JNDIRealm.

Can I perform authentication via an HTML FORM? Yes, via a security constraint 
in web.xml with the type being FORM instead of BASIC. Helping you out furthur 
via the mailing list with respect to the second question will involve MANY 
emails. I recommend google, or a (good) servlet/jsp book to get more 
information about FORM authentication.

Using FORM authentication and JNDIRealm will keep all security constraints 
generic to the spec. Thats a good thing.


jerome moliere wrote:

> Hi all,
> I'd like to authenticate users on a LDAP tree (using something like the 
> JNDIRealm) that's OK
> But I'd like not to have the post 401 browser POPup window but a custom 
> form (with links for retrieving its password & some other
> gadgets)
> I guess that this is not a very uncommon thing ?
> So i wondered about setting up a filter ,getting the Authentication 
> header & comparing it with the values BASIC ... (constants exist)
> Is it the classic way for such job ?
> any other clue welcomed

View raw message