tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: AJAX Authentification
Date Sat, 09 Feb 2013 13:28:31 GMT
Johannes Meyer wrote:
> Hello all,
> I'm developing a web application with asynchronous techniques (ExtJS).
> The most pages are secured with a "security-constraint", so the user
> has to log in at first.
> The users gets prompted a login dialog and can type in his username
> and password. The data will be sent asynchronous to the server and the
> user should be logged in.
> How can I implement it at best?
> I tried to work with FORM-authentication but it is not very elegant.
> Is there any solution to make an AJAX-Authentication?
> Or can I build a servlet, that logs the user in, without show him any dialogs?


Almost any HTTP authentication requirement can be solved, but whether it is easy, 
difficult, or impossible depends a lot on the details of the situation.
So you will need to provide some additional data if you want more help.
Is this an Internet server with clients being anywhere, or is it a purely Intranet situation
If Intranet, are you using any form of Windows domain authentication ?
What are the browsers ? (it can matter, if the Ajax in the browser uses its own connection

and authentication, or shares it with the browser in general)
What degree of security does this require ?
Do the Ajax calls address the same host & webapp as the ones which the browser accesses
Are you using some specific Ajax library to make those calls ? (if yes, which 
authentication methods does it support ?)
Do you have an Apache httpd in front of Tomcat, or can you set one up ? (there are more 
authentication variations available for httpd than for tomcat, and the httpd-level 
authentication can be forwarded to tomcat)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message