Authentication without authorisation
Hi all, I've got a question regarding authentication. I wish to do authentication without authorisation. So this means everybody should be free to access my web-resource but I wish to know who it is. Therefore the accessing user must login. As probably everybody knows here I can configure that by means of a security-constraint/login-config in my web.xml file. Here is a little example: security-constraint web-resource-collection web-resource-nameProtect the Helloworld example/web-resource-name description/ url-pattern/servlet/HelloWorldExample/url-pattern url-pattern/servlet/SessionExample/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection /security-constraint login-config auth-methodBASIC/auth-method realm-namepublic/realm-name /login-config Please remark that no auth-constraint is defined, because anybody should have free access to this web-resource. So what I need is authentication without authorisation. The problem is that only if I define some auth-constraint in the security-constraint the authenticate method of the Authenticator will be invoked. I think that the J2EE Standard makes no restriction that authentication can only be used in combination with authorisation. Am I wrong? Or is this a Tomcat bug? Cheers Karin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication without authorisation
Krause auth-constraint role-name*/role-name /auth-constraint Will require authentication but not authorisation. John. Krause Karin wrote: Hi all, I've got a question regarding authentication. I wish to do authentication without authorisation. So this means everybody should be free to access my web-resource but I wish to know who it is. Therefore the accessing user must login. As probably everybody knows here I can configure that by means of a security-constraint/login-config in my web.xml file. Here is a little example: security-constraint web-resource-collection web-resource-nameProtect the Helloworld example/web-resource-name description/ url-pattern/servlet/HelloWorldExample/url-pattern url-pattern/servlet/SessionExample/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection /security-constraint login-config auth-methodBASIC/auth-method realm-namepublic/realm-name /login-config Please remark that no auth-constraint is defined, because anybody should have free access to this web-resource. So what I need is authentication without authorisation. The problem is that only if I define some auth-constraint in the security-constraint the authenticate method of the Authenticator will be invoked. I think that the J2EE Standard makes no restriction that authentication can only be used in combination with authorisation. Am I wrong? Or is this a Tomcat bug? Cheers Karin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Authentication without authorisation
Thanks! I've tried this! It runs!!! -Original Message- From: John Holman [mailto:[EMAIL PROTECTED] Sent: Mittwoch, 27. August 2003 13:40 To: Tomcat Users List Subject: Re: Authentication without authorisation Krause auth-constraint role-name*/role-name /auth-constraint Will require authentication but not authorisation. John. Krause Karin wrote: Hi all, I've got a question regarding authentication. I wish to do authentication without authorisation. So this means everybody should be free to access my web-resource but I wish to know who it is. Therefore the accessing user must login. As probably everybody knows here I can configure that by means of a security-constraint/login-config in my web.xml file. Here is a little example: security-constraint web-resource-collection web-resource-nameProtect the Helloworld example/web-resource-name description/ url-pattern/servlet/HelloWorldExample/url-pattern url-pattern/servlet/SessionExample/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection /security-constraint login-config auth-methodBASIC/auth-method realm-namepublic/realm-name /login-config Please remark that no auth-constraint is defined, because anybody should have free access to this web-resource. So what I need is authentication without authorisation. The problem is that only if I define some auth-constraint in the security-constraint the authenticate method of the Authenticator will be invoked. I think that the J2EE Standard makes no restriction that authentication can only be used in combination with authorisation. Am I wrong? Or is this a Tomcat bug? Cheers Karin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
