tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <>
Subject RE: Authentication from the browser
Date Wed, 03 Jun 2009 01:07:28 GMT

Here are the index.jsp contents from securityfilter

<h2>POST to the Secure Page</h2>
This form POSTs to the Secure Page. By entering a value here and clicking the submit button
below, you can
verify that POSTed parameters are maintained through the login sequence.
<form id="<%=Constants.HOME_FORM_ID%>"
   action="<%=response.encodeURL(request.getContextPath() + "/securePage.jsp")%>" method="POST">
<input type="text" name="<%=Constants.HOME_POST_FIELD%>">
<input type="submit">

make sure you supply a valid url to securePage.jsp (now its supplied as)
request.getContextPath() + "/securePage.jsp

supply valid values for HOME_FORM_ID
public static final String HOME_FORM_ID = "homeForm";

and valid value for HOME_POST_FIELD now initialised to
public static final String HOME_POST_FIELD = "postMe";

got it working on my server if you need a link

Martin Gainty 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire
prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe
quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information
seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les
email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune
responsabilité pour le contenu fourni.

> Date: Tue, 2 Jun 2009 16:08:58 -0600
> Subject: Re: Authentication from the browser
> From:
> To:
> >
> > ? You can't put HTTP headers "in" a link, unless you're processing
> > it through some proxy mechanism...
> >
> Looks like the last SecurityFilter build was released on Dec. 14, 2004,
> which makes me hesitant to use it.
> I am wondering if it is possible to use JavaScript to include the user name
> and password in the HTTP header when the link is clicked. According to the
> following statement I borrowed from
> won't work either:
> "With container managed security, the container will not process login
> requests unless the container itself has initiated the authentication
> sequence .."
> Does this mean that there is no way to authenticate against Tomcat server
> unless the server initiated the request itself?
> > > Does this give you enough information to propose a solution?
> >
> > I suspect you need to write your own solution, though this:
> >
> > :: has been recommended by others on this list many times, and
> > might help (I've never used it).
> >
> > HTH,
> > --
> > Hassan Schroeder ------------------------
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:
> >
> >

Hotmail® has ever-growing storage! Don’t worry about storage limits.
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message