tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Crowther" <Peter.Crowt...@melandra.com>
Subject RE: Problem with security?
Date Fri, 10 Jun 2005 13:56:41 GMT
> From: Gagnon, Joseph M (US SSA) 
> I have a situation where I want to be able to provide user 
> access to an
> application by determining the identity of the requesting 
> user, without
> them having to go through a login procedure.

OK.  So what identity can the browser present that you wish to discover?
Are all your users on Windows, for example, and you wish to discover
their Windows username?  On UNIX?

The way HTTP works is that your servlet has to refuse access to a
resource before it can obtain any information at all about the user at
the other end of the connection.  So at the very least, you'll have to
investigate creating a servlet that requires authentication.  You can
then have some control over the kinds of authentication you say you'll
accept, and therefore whether the user's browser tries to satisfy the
request behind the scenes or whether it pops up that ugly dialog box
requesting a username and password.

If you're on Windows and want the user's Windows authentication, take a
look at the NTLM Authentication Filter - see
http://jcifs.samba.org/src/docs/ntlmhttpauth.html for details.  Note
that I've never used this and can't help any further than these
pointers.

		- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message