RE: auth-method query
I have already authenticated, but I am not authenticating for this particular request. -Original Message- From: Koes, Derrick Sent: Wednesday, March 24, 2004 6:50 PM To: '[EMAIL PROTECTED]' Subject: auth-method query I wish to programmatically check for the auth-method using Tomcat 4.1.18. The HttpServletRequest class provides a getAuthType method, but this is only good for an authentication request. How do I retrieve the auth type used for the web container at runtime for a non-authentication request? I guess I could add it to the session upon authentication, but I was curious if there was another way. Thanks, Derrick This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: auth-method query
You can't. If your not authenticated - then getAuthType() can't be filled in -Tim Koes, Derrick wrote: I wish to programmatically check for the auth-method using Tomcat 4.1.18. The HttpServletRequest class provides a getAuthType method, but this is only good for an authentication request. How do I retrieve the auth type used for the web container at runtime for a non-authentication request? I guess I could add it to the session upon authentication, but I was curious if there was another way. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: auth-method
On Wed, 28 Mar 2001, Batsheva Raviv wrote: I have found about 2 or 3 type of auth-method Basic, Form and digest. Are there more? Can someone help me find documentation how should I set the Login-config. Thank you, Batsheva The four standard methods are defined in the Servlet Specification, which you can download at http://java.sun.com/products/servlet/download.html. The only one you missed is CLIENT-CERT authentication, which uses an SSL client certificate chain to identify and authenticate a user. Craig McClanahan
RE: auth-method
there are: 1. FORM: login-config auth-methodFORM/auth-method form-login-config form-login-pagelogin.jsp/form-login-page form-error-pageerror.jsp/form-error-page /form-login-config /login-config login.jsp needs an html form with action='j_security_check' and inputs named: 'j_username' and 'j_password' 2. BASIC: login-config auth-methodBASIC/auth-method realm-namedefault/realm-name !-- dont actually know how this affects the container -- /login-config for this you will most likely need to configure your web server to accept BASIC header information, and also configure it to either let those headers through, or verify the user at the web-server level (at which point it will let the request through). 3. CLIENT-CERT: (this is a Client Certificate, like an SSL X509 Certificate): login-config auth-methodCLIENT-CERT/auth-method /login-config you'll probably need to do the same thing as BASIC, except instead of BASIC headers, you'll need certain certificate headers to get through - this is web-server dependant what they're called. 4. DIGEST - Not supported in all containers: login-config auth-methodDIGEST/auth-method /login-config Tim Julien HP middleware -Original Message- From: Batsheva Raviv [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 12:20 PM To: Tomcat Usr (E-mail) Subject: auth-method I have found about 2 or 3 type of auth-method Basic, Form and digest. Are there more? Can someone help me find documentation how should I set the Login-config. Thank you, Batsheva
RE: auth-method
Thank you Tim, Where is 'j_security_check' defined and read? Do you have any idea to how I connect realm-name to a protected directory? Thank you, Batsheva -Original Message- From: Julien, Timothy [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 9:36 AM To: '[EMAIL PROTECTED]' Subject: RE: auth-method there are: 1. FORM: login-config auth-methodFORM/auth-method form-login-config form-login-pagelogin.jsp/form-login-page form-error-pageerror.jsp/form-error-page /form-login-config /login-config login.jsp needs an html form with action='j_security_check' and inputs named: 'j_username' and 'j_password' 2. BASIC: login-config auth-methodBASIC/auth-method realm-namedefault/realm-name !-- dont actually know how this affects the container -- /login-config for this you will most likely need to configure your web server to accept BASIC header information, and also configure it to either let those headers through, or verify the user at the web-server level (at which point it will let the request through). 3. CLIENT-CERT: (this is a Client Certificate, like an SSL X509 Certificate): login-config auth-methodCLIENT-CERT/auth-method /login-config you'll probably need to do the same thing as BASIC, except instead of BASIC headers, you'll need certain certificate headers to get through - this is web-server dependant what they're called. 4. DIGEST - Not supported in all containers: login-config auth-methodDIGEST/auth-method /login-config Tim Julien HP middleware -Original Message- From: Batsheva Raviv [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 12:20 PM To: Tomcat Usr (E-mail) Subject: auth-method I have found about 2 or 3 type of auth-method Basic, Form and digest. Are there more? Can someone help me find documentation how should I set the Login-config. Thank you, Batsheva