tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: FW: JAAS Realm with JDBC Authentication
Date Tue, 07 Jul 2009 07:55:56 GMT
Geofrey Rainey wrote:
> Hi Mark,
> 
> Yes, I've read that document many times. However still need a few
> pointers on writing the Login Module and how it integrates with the
> CallbackHandler to create the popup dialog. I can't really find any
> comprehensive doco on this.
> 
If you are talking about the standard browser popup login dialog:
this popup dialog is built into the browser.  The browser 
automatically pops it up when it requests some webserver resource which 
happens to be protected, and receives a certain status code response 
from the server (401 Unauthorized), along with a "WWW-Authenticate:" 
HTTP header.
When the user fills in this dialog (user-id, password) and clicks OK, 
the browser re-issues the same request, together with a new HTTP request 
header "Authorization:" containing some coded form of the 
user-id/password.
It is then the webserver's job to decode this, and grant access or not.
See here for details:
http://tools.ietf.org/html/rfc1945#section-11

The gist is: you will not find the creation of this login dialog window 
in any server-side code, because it is a browser-side thing.  The server 
just sends a 401 response to "make it happen".

The above is valid for the HTTP "Basic" and "Digest" authentication schemes.
Things are different if you are talking of an AAA scheme that uses an 
HTML login page, SSL etc.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
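
The Basic exchange described in the message above, as an added Java example that is not part of the original post and is not Tomcat's own code. The class name, the realm "demo" and the account alice/s3cret are constructed for illustration, and decoding the credentials as UTF-8 is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicAuthExchange {
    // Constructed sample account; a real server would consult its Realm or LoginModule.
    static final Map<String, String> USERS = Map.of("alice", "s3cret");
    static final String CHALLENGE =
        "HTTP/1.0 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"demo\"\r\n\r\n";

    /** Browser side: the header value sent once the user clicks OK in the dialog. */
    static String browserHeader(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        // Base64 is an encoding, not encryption: anyone who sees the header can read it.
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Server side: status line for a request carrying this Authorization value (or null). */
    static String handle(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Basic ", 0, 6)) {
            return CHALLENGE; // no credentials: this response makes the browser show its dialog
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(authorization.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return CHALLENGE; // not valid base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
        if (colon < 0) return CHALLENGE;
        String expected = USERS.get(decoded.substring(0, colon));
        byte[] given = decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        boolean ok = expected != null
            && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), given);
        return ok ? "HTTP/1.0 200 OK\r\n\r\n" : CHALLENGE;
    }

    public static void main(String[] args) {
        System.out.print(handle(null));                        // first request: 401 + challenge
        String header = browserHeader("alice", "s3cret");
        System.out.println("Authorization: " + header);        // re-issued request
        System.out.print(handle(header));                      // 200
        System.out.print(handle(browserHeader("alice", "x"))); // 401 again: dialog reappears
    }
}
```

Because the header is only base64-encoded, Basic authentication should be served over TLS.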