On 13/06/2011 07:50, Petr Hracek wrote:
> First authentication is done so that if in the browser exists relevant
> HTTP COOKIE and validation of that cookie is done then page should be
> shown.
>     How to do that I do not know from the tomcat point of view.
> 
> Is there any possibility how to check valid HTTP COOKIE otherwise
> showing login page.
> 
> If HTTP COOKIE is not existing then logging has to be done over my own
> program.
>     How to do that I do not know as well.
> 
> Are there any examples?

From the little information you give, you're describing container
managed security.  FORM auth as defined by the Servlet Spec can do just
that.

You configure a Realm, some elements in web.xml which define where the
login form & error pages are, and which URLs are protected.


p



> 2011/6/13 Petr Hracek <phrac...@gmail.com>:
>> First authentication is done so that if in the browser exists relevant
>> HTTP COOKIE and validation of that cookie is done then page should be
>> shown.
>>
>>
>> 2011/6/12 Mark Thomas <ma...@apache.org>:
>>> On 12/06/2011 20:29, Pid wrote:
>>>> On 12/06/2011 17:12, Petr Hracek wrote:
>>>>> And what about in case that I have my own program for accessing to the
>>>>> specific
>>>>> databases where the passwords are stored as hashes?
>>>>>
>>>>> Are there any possibilities how to run that program for getting unhashed
>>>>> password from database?
>>>>
>>>> Why not hash the inbound password, then send & compare it against the
>>>> one in the DB, rather than decoding it?
>>>>
>>>> The Realm implementations can handle this, if you're using a standard
>>>> hashing method that Java recognises.
>>>>
>>>> Hopefully you've not invented your own hashing method.
>>>
>>> Hmm. Hash functions are meant to be one way. It should be impossible to
>>> retrieve an unhashed password from the database.
>>>
>>> I hope that the original description is inaccurate rather than an
>>> example of (yet another) badly broken home-grown security solution that
>>> needs to be thrown away.
>>>
>>> Mark
>>>
>>
>>
>>
>> --
>> Best Regards / S pozdravem
>> Petr Hracek
>>
> 
> 
> 

