tomcat-users mailing list archives

From Hassan Schroeder <hassan.schroe...@gmail.com>
Subject Re: Authentication from the browser
Date Tue, 02 Jun 2009 18:22:47 GMT
On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan <alecswan@gmail.com> wrote:
> Hassan, I don't think that the goals are contradictory, because each goal
> applies to its own group of users: our customer users and everybody else.
> Customer users should not have to enter user name and password, but
> everybody else should.

IOW, you want it protected, and you want it openly accessible.
Sorry, that sounds contradictory to me :-)

If you have "a customer who would like to put a link on a web page"
to your servlet, that servlet's URL is now "in the wild" -- anyone who
finds it can access it.

> I am glad that you made me think about this, because maybe it is possible to
> extend Tomcat authentication to also use client IP address or domain?

How would you know a priori the IP or domain of the clients?

-- 
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com
