tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: tomcat security authenticator
Date Thu, 28 Jun 2012 08:42:25 GMT
2012/6/28 Komáromi, Zoltán <komaromi.zoltan@horticosoft.hu>:
> 1. Why not a Realm?
> Because the authentication depends on session attribute, and I want to
> bypass the form if user is logged in.

When I used Tomcat's realm to authenticate users , that was a issue
than I missed : to access to session enviroment or context enviroment.
I had to try Spring Security because it implements this feature

I understand that authentication is a previous step to accessing web
application, but , sometimes, it's required to update session
enviroment . For example, to forward to a custom error page , with a
diferent message error ( "user not found", "user is already logged",
etc. )
Some of these things I could solve with filters & temp registers in
database, but I don't like it

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message