RE: Can I use apache authentication for servlet?

Christopher Hoover Fri, 6 Aug 1999 08:44:29 -0700
-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------


Both the redirection on an invalid session or the
SC_UNAUTHORIZED/WWW-Authenticate technique work fine for GET's.

But there's no way to make either work for POST's, is there?

-ch


------
Christopher Hoover
mailto:[EMAIL PROTECTED]
http://www.murgatroid.com
+1-408-348-0304, +1-209-315-6378 fax


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Paul J
> Thompson
> Sent: Friday, August 06, 1999 7:39 AM
> To: Java Apache Users
> Subject: Re: Can I use apache authentication for servlet?
>
>
> -----------------------------
> Please read the FAQ!
> <http://java.apache.org/faq/>
> -----------------------------
>
> > I can protect the whole zone with <Location /myzone/> but I cannot
> > protect a specified servlet with <Location /myzone/MyServlet>
> > and also I cannot protect specified files with
> > <Location /myzone/MyServlet/path/somefile.html>
> >
> > How can it be done ?
>
> Try this.
>
> Put your servlets under the path /myzone/servlets and mount your extra
> files at the path /myzone/. Then, you can protect any extra files in
> your path (i.e. /myzone/path/somefile.html) with standard Apache
> authentication.
>
> And here is what I am using to protect certain servlets. At the start
> of the doGet/doPost method for each servlet you wany protected, have
> the servlet try to get a value from the current session such as "user".
> If the value is not present (the user is not logged in...) store the
> current "request URL" in the current session and then redirect the user
> to an authentication servlet. That servlet should present the user with
> a login form, and then perform authentication (in any way you like). If
> the user succeeds in authenticating, store a "user" value into the
> session ("login" the user), pull the "request URL" out of the session
> object and redirect the user back to that page. Now that the user is
> "logged in" (that the "user" value will be present in the session), the
> original page should allow the user to access it normally.
>
> A good example/description of this can be found at the following URL:
>   http://www.servlets.com/jsp/examples/ch08/index.html#ex08_03
>
> To keep your "extra file" authentication in sync (same usernames and
> passwords) you might be able to use one of the apache authentication
> modules, and then duplicate what it does to check a user in the
> authenticate part of your authentication servlet.
>
> Hope some of this helps...
>
> Paul
>
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Archives and Other:  <http://java.apache.org/main/mail.html>
> Problems?:           [EMAIL PROTECTED]
>



--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]
RE: Can I use apache authentication for servlet?

Reply via email to
