tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert r. Sanders" <>
Subject Re: Problem with security?
Date Fri, 10 Jun 2005 16:50:55 GMT
There are some pretty good resources for getting started on Servlet/JSP 
stuff; try the O'Reilly books, especially the latest version of their 
JSP book. 

I suggest that you need to think of what you are wanting to do in 2 phases:
    1. Login
    2. Authenticate (using values supplied by login).

There are a couple of alternatives if you want to save your user's from 
having to type in passwords over and over; since I'm kind of bored, 
here's a brief list:

    1. If you're users are on Windows desktops, then NTLM Auth can get 
the User information from the browser (either IE or Firefox) without the 
user having to login (see
    2. If you have then deployed, then you could use client-certificates 
to authenticate users.
    3. You could use a 'remember-me' library (typically uses cookies so 
that user only has to login once).

Gagnon, Joseph M (US SSA) wrote:

>Did I not say that I'm new to this?
>I made no mention to whether or not I was trying to make it secure.
>This is only meant to be used within my company's intranet and my
>intention was to take the user account and then compare it with a set of
>registered users in the application's DB.
>I am beginning to see that at the very least I need to create some kind
>of mechanism (although I don't understand yet how to go about that, or
>how many different ways it can be done) to perform user authentication.
>If anyone can provide information on how to do this (keep in mind I'm
>new at this), please let me know.
>-----Original Message-----
>From: Robert Harper [] 
>Sent: Friday, June 10, 2005 10:59 AM
>To: 'Tomcat Users List'
>Subject: RE: Problem with security?

    Robert r. Sanders
    Chief Technologist
    (334) 821-5412

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message