tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid...@pidster.com>
Subject Re: "remember me" authentication?
Date Fri, 27 Feb 2009 08:08:40 GMT
Charl Gerber wrote:
> Hi everyone,
> 
> Does Tomcat provide default support in some way to implement a 'remember me' feature
for form based authentication? This should not be dependent on a user's browser remembering
the username/password, but by a checkbox you can check/clear on the logon jsp.

No. Tomcat implements the Servlet Spec, which does not currently include
this functionality.

> If so, where do I find it? If not, how can I implement it? My guess is that I store the
user credentials in a cookie, but how do I get every jsp/servlet in my application that requires
authentication to automatically retrieve this and skip authentication? Sounds like a lot of
overhead, unless Tomcat can take care of it.
> 
> Plan B, less desired, could be for the cookie to be read only in the logon (via javascript)
jsp and automatically fill the credentials. So the user only have to type 'Submit' to logon.
Not auto logon, but at least saves some typing. Pretty much the same as the browser would
have done it, except your app now has control.

Plan C: investigate the "SecurityFilter" project, which provides extra
functionality including, I think, "remember me".

p


> Thanks!
> 
> Charl
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message