Date: Tue, 2 Jun 2009 14:01:53 -0600
Subject: Re: Authentication from the browser
From: Alec Swan
To: Tomcat Users List

I may not be explaining it clearly.

We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. We can also tell the customer to put whatever we need in the link, such as HTTP headers.

Does this give you enough information to propose a solution?

On Tue, Jun 2, 2009 at 12:22 PM, Hassan Schroeder <hassan.schroeder@gmail.com> wrote:

> On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan wrote:
> > Hassan, I don't think that the goals are contradictory, because each goal
> > applies to its own group of users: our customer users and everybody else.
> > Customer users should not have to enter user name and password, but
> > everybody else should.
>
> IOW, you want it protected, and you want it openly accessible.
> Sorry, that sounds contradictory to me :-)
>
> If you have "a customer who would like to put a link on a web page"
> to your servlet, that servlet's URL is now "in the wild" -- anyone who
> finds it can access it.
>
> > I am glad that you made me think about this, because maybe it is possible to
> > extend Tomcat authentication to also use client IP address or domain?
>
> How would you know a priori the IP or domain of the clients?
>
> --
> Hassan Schroeder ------------------------ hassan.schroeder@gmail.com