tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jerry Malcolm <>
Subject Re: Form-based Login question
Date Fri, 02 Dec 2011 04:38:02 GMT
Ouch... you said a curse word.... "Upgrade".... :-)  I know I've needed to
do it for a long time now... I'm still on 5.5.  But if it ain't broke....
You've at least given me a good excuse to dive in and upgrade to get this
login feature.  Before I start, any words of advice for migrating?  Should
it be relatively painless (e.g. install, copy current server.xml, and go?)
or is this something I'd better allocate a few days for?



On Thu, Dec 1, 2011 at 8:53 PM, Christopher Schultz <> wrote:

> Hash: SHA1
> Jerry,
> On 12/1/11 9:30 PM, Jerry Malcolm wrote:
> > I have been using form-based auth for several years.  I understand
> > the challenge concept where TC puts up the pre-defined login page
> > when the first page requiring auth is requested.  But I have a
> > slightly different situation.  I want all of my non-protected pages
> > (guest-level) to include the id/pw fields at the top of the page.
> > At any time when the user chooses to go to the protected area of
> > the site, they enter their id/pw and hit the login button and it
> > takes them to a page in the protected area.  Basically, I want to
> > bypass the forced login page if the user entered an id/pw unless
> > obviously the auth failed on the provided id/pw.
> >
> > Is there a way to 'force' provide credentials under the covers at
> > the time the first protected page is requested to get the user
> > signed on without the intermediate login form appearing?
> The easiest thing to do it to upgrade to Tomcat 7 which supports
> servlet spec 3.0. There is a new method in the HttpServletRequest
> class called "login" that takes a username and password.
> Just take the username and password from the request (in a servlet you
> write yourself) and call request.login(). After that, forward (or
> redirect) the user wherever you want -- some kind of "you're
> logged-in" landing page.
> Hope that helps,
> - -chris
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools -
> Comment: Using GnuPG with Mozilla -
> P5MAnjoAsGuqxmQsv2jeg+C1gvkmLaRK
> =Wvqf
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message