I don't want Apache handle all authentication because that means the client
has to enter credentials in a pop up window, which does not look nice
compared to a nice log in page. But someone must know how to tell apache this
client has authenticated. I am surpised there is no setAuthorization method
in servlet API. After reading the Oreilly book, I thought l could make login
servlet unprotected. If the user is valid, I could user URLConnection which
has setRequestProperty ( to use for authentication). With UrlConn I set thte
authorization header, and read a protected file. But will Apache be duped
into thinking the Auth header from urlConn is the authHeader from the client?
Any ideas.
In a message dated 8/8/00 11:10:29 AM Eastern Daylight Time,
[EMAIL PROTECTED] writes:
<< I would assume that the authentication is all or nothing. Why not
just have Apache handle the authentication, and grab the username from the
environment?
>>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
