tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alec Swan <>
Subject Re: Authentication from the browser
Date Tue, 02 Jun 2009 18:03:48 GMT
Hassan, I don't think that the goals are contradictory, because each goal
applies to its own group of users: our customer users and everybody else.
Customer users should not have to enter user name and password, but
everybody else should.

Also, in general it is possible to authenticate a user without requiring the
user to enter the user name and password in the application, e.g. NTLM-based
authentication or authentication based on the client's IP address.

I am glad that you made me think about this, because maybe it is possible to
extend Tomcat authentication to also use client IP address or domain?

Can you think of any other ways to have two different authentication
mechanisms for the same servlet?


On Tue, Jun 2, 2009 at 11:37 AM, Hassan Schroeder <> wrote:

> On Tue, Jun 2, 2009 at 10:22 AM, Alec Swan <> wrote:
> > We would also like to continue using the existing authentication
> mechanism.
> > So, the question is how can we ... allow authentication to happen
> > without requiring the end-user to type in the user name and password?
> Your goals seem contradictory. Maybe you need to rethink... :-)
> --
> Hassan Schroeder ------------------------
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message