tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Winter <andrewcwin...@gmail.com>
Subject Re: basic auth required on https but not required on http
Date Thu, 21 Feb 2013 19:21:27 GMT
On Wed, Feb 20, 2013 at 10:38 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> André,
>
> On 2/20/13 1:40 PM, André Warnier wrote:
> > Andrew Winter wrote:
> >> On Wed, Feb 20, 2013 at 5:13 AM, André Warnier <aw@ice-sa.com>
> >> wrote: Okay, I have this resolved, now.  I went with the FORM
> >> authentication method and created a servlet that will create a
> >> login screen on an isSecure() connection. For standard HTTP
> >> requests I pass over a self submitting form with the credentials
> >> included.  This will work for the human interfaces and I will
> >> just have to deal with any programmatic access problems as I find
> >> them.
> >>
> > You could probably just "force" an authenticated user into Tomcat
> > (userPrincipal and that kind of thing) when the connection is
> > internal. That would also probably solve your programmatic access
> > case.
>
> Or just use HttpServletRequest.login(String username, String
> password). No need to force an actual form.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEAREIAAYFAlEllrwACgkQ9CaO5/Lv0PCQeQCfV7OMDpuC7PnQK3pcCVksM5lg
> MhcAn1TYFdV+9lXESMxeYOeXcYGrFyXi
> =hSIr
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
I have tried the HttpServletRequest.login(String username, String
password). I find that it works if I put it in the servlet I made for the
FORM login. But it requires a second request to actually reach the page.
The first request serves to authenticate only. Is there a way to do this so
that I can get to the web app with the same request that does the log in?

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message