tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Programatic JAAS login in Tomcat 6.0.26!
Date Thu, 20 Jan 2011 20:14:25 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

On 1/20/2011 12:28 PM, Mark Thomas wrote:
> On 20/01/2011 17:25, neo21 zerro wrote:
>>  Hi Mikolaj and Mark, 
>>
>>
>>   Thanks for the replay. The problem is that I read the specifications and I 
>> still don't know how to push the login details 
>> and the request for the main page in one call. 
> 
> In Tomcat 6.0.x you can't.

The OP should be able to do the following, since he's got complete
control over the client:

1. Issue a request to http://host/some/protected/resource
2. Capture the JSESSIONID cookie that comes back with the request
3. Use the existing j_security_check URL plus ";jsessionid=" shoved into
it with the JSESSIONID from step #2 to open the browser window

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk04l6EACgkQ9CaO5/Lv0PC60wCfbafrd+6h7IhPZuY2AbR2vuu5
jFAAn2Q1k0NcmwaPFcfMyo/O0LJ3W1Z4
=5ASP
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message