Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 89434 invoked from network); 3 Jun 2009 14:26:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 3 Jun 2009 14:26:01 -0000 Received: (qmail 54187 invoked by uid 500); 3 Jun 2009 14:26:09 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 54122 invoked by uid 500); 3 Jun 2009 14:26:09 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 54094 invoked by uid 99); 3 Jun 2009 14:26:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2009 14:26:05 +0000 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [76.96.30.24] (HELO QMTA02.emeryville.ca.mail.comcast.net) (76.96.30.24) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Jun 2009 14:25:53 +0000 Received: from OMTA06.emeryville.ca.mail.comcast.net ([76.96.30.51]) by QMTA02.emeryville.ca.mail.comcast.net with comcast id zQSk1b00116AWCUA2SRYEp; Wed, 03 Jun 2009 14:25:32 +0000 Received: from [192.168.1.101] ([69.143.128.194]) by OMTA06.emeryville.ca.mail.comcast.net with comcast id zSRS1b0054BnRt98SSRV0U; Wed, 03 Jun 2009 14:25:31 +0000 Message-ID: <4A2687D4.1020609@christopherschultz.net> Date: Wed, 03 Jun 2009 10:25:24 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1b3pre) Gecko/20090223 Thunderbird/3.0b2 MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Authentication from the browser References: <34abb48b0906021022w77fa5ef2yd3b0e3d1dc7e614d@mail.gmail.com> <4eedb92a0906021037h6506eeb6yf3e219929cde0266@mail.gmail.com> <34abb48b0906021103w7fab5541uf1f6c8123696ac0f@mail.gmail.com> In-Reply-To: <34abb48b0906021103w7fab5541uf1f6c8123696ac0f@mail.gmail.com> X-Enigmail-Version: 0.96a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alec, On 6/2/2009 2:03 PM, Alec Swan wrote: > Hassan, I don't think that the goals are contradictory, because each goal > applies to its own group of users: our customer users and everybody else. > Customer users should not have to enter user name and password, but > everybody else should. What authentication mechanism are you using already? FORM? BASIC? With BASIC or DIGEST authentication, it's easy enough to put the credentials into the request that the remote server sends to you. If you're using FORM authentication, it's more complicated because Tomcat's authentication /requires/ request->challenge->credentials->repeat-request. If you use securityfilter (http://securityfilter.sourceforge.net), you can do drive-by logins by just calling j_security_check directly (without an initial request). Another option (which I prefer) is to provide a service that is oriented toward these clients which accepts credentials in a different form. Don't use container-managed security for this service. Instead, accept credentials in some other way. You can accept username and password, or you could even accept a single token which is encrypted using a pre-shared key. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkomh9QACgkQ9CaO5/Lv0PB/wwCfdVDhW0QEwL4psZmLz2ff1JM+ EwQAnjjeCbAPtHbiJBvGJV1HVpwdkl0r =8h+o -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org