tomcat-users mailing list archives

From André Warnier
Subject Re: problem with tomcat realm
Date Thu, 11 Feb 2010 19:45:40 GMT
Christopher Schultz wrote:
> Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa,
> On 2/10/2010 8:36 AM, aaaaaa wrote:
>> When the user goes in a particular page I need to ask him a new
>> authentication because this page needs more privileges (this page in fact is
>> only for administrators and in web.xml I specify it with a security
>> constraint and role). 
>> This second step is my problem. When he goes in this page only the message 
>> "Access to the requested resource has been denied" appears while I would
>> like that tomcat asks him for a new login and at the same time that tomcat
>> remembers the previous login when the user comes back in the other pages.
> Tomcat implements container-managed security according to the Java
> Servlet Specification, which does not specify the behavior above.
> Instead, once a user is authenticated, their identity is considered
> "known" and their roles dictate the resources they may access.
> If you want the behavior you describe above, you'll have to use a
> different security mechanism than the one provided by Tomcat.
Or use an Apache httpd in front of Tomcat, and pass the 
httpd-authenticated user-id to Tomcat from Apache.
