Stéphane CORNOU wrote:
> Hi,
> I made an entry point servlet that is used to authenticate users and
> start sessions. Users are listed in a DBMS.
>
> After authentication, the user may have to navigate through many static HTML
> pages. My main problem is to let Apache know who has rights to access
> these pages.
>
> I looked at the ApJServSecretKey directives to authenticate connections
> between the webserver and Jserv but I can't understand the way it works.
>
> I may have to use htaccess, but how can I retrieve my list of authorized
> users?
>
> Any help will be appreciated, sincerely.
>
If you want Apache to manage security for the static pages, then you need
to use normal Apache techniques (.htaccess files, MOD_AUTH_XXXXX modules,
and so on) to do it. The ApJServSecretKey stuff is just to do the initial
handshake between the web server and the JServ process, to eliminate bogus
connections to the JServ port -- it has nothing to do with user level
security.

What I do in this scenario is use something like MOD_AUTH_MYSQL so that
Apache uses a database for authenticating people, and then use the same
database for my application level security management in the servlet. That
way, setting up a new user gives them access to both, without having to
remember to make two entries anywhere. You can find various Apache
authentication modules around the web, or at http://modules.apache.org on
the Apache site.

Craig McClanahan
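
The shared-database setup described in the reply, sketched as an added example that is not part of the original message. It uses mod_dbd and mod_authn_dbd, the database-backed authentication modules shipped with current Apache httpd, in place of the MOD_AUTH_MYSQL named above. The database name, table, column names, account and directory path are assumptions.

```apache
# Added example. Assumed names: database "appusers", table "users" with
# columns "login" and "pw_hash", static pages under /var/www/members.
# Requires mod_dbd, mod_authn_dbd, mod_auth_basic and mod_authz_user.

# Connection pool to the same database the login servlet reads.
# Use a database account that can only SELECT from the users table;
# the password below is a placeholder.
DBDriver  mysql
DBDParams "host=127.0.0.1,dbname=appusers,user=httpd_ro,pass=CHANGE_ME"
DBDMin     1
DBDKeep    2
DBDMax     10
DBDExptime 300

<Directory "/var/www/members">
    # Basic auth resends the credentials on every request, so this
    # directory should only be reachable over TLS.
    AuthType          Basic
    AuthName          "Members"
    AuthBasicProvider dbd

    # %s is bound to the supplied user name as a prepared-statement
    # parameter, not spliced into the SQL text.
    # pw_hash must hold a hash format httpd can verify (for example
    # bcrypt or apr1 as produced by htpasswd), and the servlet has to
    # write new users in that same format for both sides to agree.
    AuthDBDUserPWQuery "SELECT pw_hash FROM users WHERE login = %s"

    Require valid-user
</Directory>
```

With this in place, a row added to the users table grants access to both the servlet login and the static pages, which is the single-entry property the reply describes.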