tomcat-users mailing list archives

From Hassan Schroeder <>
Subject Re: Authentication from the browser
Date Tue, 02 Jun 2009 18:22:47 GMT
On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan <> wrote:
> Hassan, I don't think that the goals are contradictory, because each goal
> applies to its own group of users: our customer users and everybody else.
> Customer users should not have to enter user name and password, but
> everybody else should.

IOW, you want it protected, and you want it openly accessible.
Sorry, that sounds contradictory to me :-)

If you have "a customer who would like to put a link on a web page"
to your servlet, that servlet's URL is now "in the wild" -- anyone who
finds it can access it.

> I am glad that you made me think about this, because maybe it is possible to
> extend Tomcat authentication to also use client IP address or domain?

How would you know a priori the IP or domain of the clients?

Hassan Schroeder ------------------------
