tomcat-users mailing list archives

From Christopher Schultz <>
Subject Re: Multiple authentication schemes within a webapp
Date Sat, 17 May 2008 14:12:44 GMT


Robert Oxspring wrote:
| I have a webapp that uses form based authentication but I'd like to also
| be able to log in to it using basic authentication.  The main use case
| for this is to present a nice form based login for web users, not
| involving the standard browser's username/password prompt, but also
| allow people to include their username and password into the url for use
| in the likes of wget and other tools.
| Can anyone give me recommendations on how to achieve this? As far as I
| can tell I can't have more than one login-config element in the
| web.xml.  Would I need to implement a new Authenticator delegating to
| BasicAuthenticator and FormAuthenticator?

Yeah, you basically need to do something like this. You might not even
be able to use the existing classes without some of your own logic,
because you never want to send a 401 response, right? You just want to
accept WWW-Auth headers if they happen to be in the request.

If you find that the classes in Tomcat are too restrictive, you might
want to look into securityfilter
(, which has some options not
available through Tomcat's built-in security.

-chris
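
The approach suggested in the reply, accepting Basic credentials when a request happens to carry an `Authorization: Basic` header but never issuing a 401 challenge, sketched as an added example that is not part of the original message or of Tomcat's code. The class, type and method names are hypothetical, and decoding the credential pair as UTF-8 is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

/** Added example: opportunistic parsing of "Authorization: Basic ..." with no 401 challenge. */
public class OptionalBasicAuth {

    /** Username/password pair taken from the header (hypothetical helper type). */
    static final class Credentials {
        final String user;
        final String password;
        Credentials(String user, String password) { this.user = user; this.password = password; }
    }

    /**
     * Returns credentials only when a well-formed Basic header is present.
     * An absent, non-Basic or malformed header yields empty, so the caller
     * falls through to the form-login flow and never sends a 401.
     */
    static Optional<Credentials> parse(String authorizationHeader) {
        if (authorizationHeader == null) return Optional.empty();
        String value = authorizationHeader.trim();
        // Scheme name is case-insensitive and must be followed by a space and a token.
        if (value.length() < 7 || !value.regionMatches(true, 0, "Basic ", 0, 6)) return Optional.empty();
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(value.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64
        }
        String pair = new String(decoded, StandardCharsets.UTF_8); // assumption: UTF-8 credentials
        int colon = pair.indexOf(':'); // split at the first ':'; the password may contain more
        if (colon <= 0) return Optional.empty(); // no separator or empty user name
        return Optional.of(new Credentials(pair.substring(0, colon), pair.substring(colon + 1)));
    }

    public static void main(String[] args) {
        // Constructed sample headers; "dXNlcjpwYTpzcw==" is base64 of "user:pa:ss".
        String[] samples = { null, "Basic dXNlcjpwYTpzcw==", "basic dXNlcjpwYTpzcw==", "Basic !!!", "Bearer abc" };
        for (String h : samples) {
            String outcome = parse(h)
                .map(c -> "try realm login for user '" + c.user + "'")
                .orElse("no usable Basic header: continue to form login");
            System.out.println(h + " -> " + outcome);
        }
    }
}
```

Because the server never sends a 401 in this design, the client has to send the header preemptively; with current wget that means passing `--auth-no-challenge`.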
