tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kristian Rink <>
Subject servlet and HTTP authentication
Date Thu, 27 Jul 2006 15:21:21 GMT
Hash: SHA1

Hi all;

gotta solve a very special authentication situation: Users need to have
access to certain file packages using an URL like


with <package-id> referring to an identifier stored in a local document
management system. User information (id, password) are stored in the DMS
database as well. To provide access to a certain package, I need to ensure

(a) the user is valid (thus, has authenticated)
(b) the user is owner of the package (which I can find out using the DMS
    database as well)

However, following this approach I cannot use container-based
authentication as the DBMS user management repository is not easily
accessible via such a configuration but there are Java classes to
authenticate the user using an API which to be called from another Java
class, a servlet, ...

So, my question: Is there a way to configure Tomcat that, for a given
servlet or resource, a HTTP authentication window will appear and, then,
 the data entered there (username, password) is given to the servlet in
order to do anything useful with it? I _suppose_ those parameters should
be available as part of the Request, but I don't know how to make tomcat
demand HTTP authentication _without_ automatically validating these

Any hints on that?
TIA and bye,

- --
Kristian Rink * * jab:
icq: 48874445 *  fon: ++49 176 2447 2771
"Wenn einer allein träumt, ist es nur ein Traum. Wenn viele gemeinsam
träumen, ist das der Anfang einer neuen Wirklichkeit." (Hundertwasser)

Version: GnuPG v1.4.2.2 (GNU/Linux)


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message