tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Multiple authentication schemes within a webapp
Date Sat, 17 May 2008 14:12:44 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert,

Robert Oxspring wrote:
| I have a webapp that uses form based authentication but I'd like to also
| be able to login to it using basic authentication.  The main use case
| for this is to present a nice form based login for web users, not
| involving the standard browser's username/password prompt, but also
| allow people to include their username and password into the url for use
| in the likes of wget and other tools.
|
| Can anyone give me recommendations on how to achieve this? As far as I
| can tell I can't have more than one login-config elements in the
| web.xml.  Would I need to implement a new Authenticator delegating to
| BasicAuthenticator and FormAuthenticator?

Yeah, you basically need to do something like this. You might not even
be able to use the existing classes without some of your own logic,
because you never want to send a 401 response, right? You just want to
accept WWW-Auth headers if they happen to be in the request.

If you find that the classes in Tomcat are too restrictive, you might
want to look into securityfilter
(http://securityfilter.sourceforge.net/), which has some options not
available through Tomcat's built-in security.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgu59wACgkQ9CaO5/Lv0PBBXACgle4nad6bQGsXMOU1XO0jmlTA
1xMAnRLjt38A9E4ZEN3nLc4T+jCfbDKd
=f5Ij
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message