tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <>
Subject Re: tomcat security authenticator
Date Thu, 28 Jun 2012 08:42:25 GMT
2012/6/28 Komáromi, Zoltán <>:
> 1. Why not a Realm?
> Because the authentication depends on session attribute, and I want to
> bypass the form if user is logged in.

When I used Tomcat's realm to authenticate users , that was a issue
than I missed : to access to session enviroment or context enviroment.
I had to try Spring Security because it implements this feature

I understand that authentication is a previous step to accessing web
application, but , sometimes, it's required to update session
enviroment . For example, to forward to a custom error page , with a
diferent message error ( "user not found", "user is already logged",
etc. )
Some of these things I could solve with filters & temp registers in
database, but I don't like it

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message