tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alec Swan <alecs...@gmail.com>
Subject Re: Authentication from the browser
Date Tue, 02 Jun 2009 22:08:58 GMT
>
> ? You can't put HTTP headers "in" a link, unless you're processing
> it through some proxy mechanism...
>

Looks like the last SecurityFilter build was released on Dec. 14, 2004,
which makes me hesitant to use it.

I am wondering if it is possible to use JavaScript to include the user name
and password in the HTTP header when the link is clicked. According to the
following statement I borrowed from
http://securityfilter.sourceforge.net/this won't work either:
"With container managed security, the container will not process login
requests unless the container itself has initiated the authentication
sequence .."

Does this mean that there is no way to authenticate against Tomcat server
unless the server initiated the request itself?


> > Does this give you enough information to propose a solution?
>
> I suspect you need to write your own solution, though this:
>  http://securityfilter.sourceforge.net/
> :: has been recommended by others on this list many times, and
> might help (I've never used it).
>
> HTH,
> --
> Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message