Geeta,

that option has been identified, and is actually how i'm handling it now,
but what i'm trying to accomplish by using 'basic challenge' is to provide a
secondary security check for all files contained under a folder. for
example, if a file is non-jsp (i.e. a Word document) there would be no
security check since i can't check for a session. so, i'm trying to
determine if it's possible to be even more granular through the setting of
headers and use of basic challenge.

CJ

-----Original Message-----
From: Geeta Ramani [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 11, 2000 7:23 AM
To: [EMAIL PROTECTED]
Subject: Re: security thru headers


Hi CJ:

If you are planning on doing un/pw checking via a form/servlet/dbtables, why
then would you *also* need to secure the folder (using basic challenge
authentication)? Why not simply redirect to an "ordinary" folder, rewrite all
the .html files in the folder as .jsp files and ensure at the top of the jsp
files that if the required session variables are not set, then you redirect to
the login page. Once the required session vars are set (in the login.jsp) you
can go merrily on your way.. Hope this makes sense. (;-)

Geeta

CJ Smessaert wrote:

> i'm trying to accomplish the following:
>
> implement a single sign-on html form which would, upon submission, check if
> the username/password pair is a valid user via a database call, potentially
> check if the user is a valid user on the network (NT), and if determined to
> be a valid user, set valid http headers and sessions, then redirect the user
> to a folder secured by 'basic challenge' authentication. the goal is to
> avoid the standard login prompt (ugly, intrusive).
>
> anyone have insight on how to programmatically set the headers? any catches?
>
> CJ Smessaert
> Ignition State
> http://www.ignitionstate.com
> 312.948.5110 (v)
> 312.648.8615 (f)
> 312.399.1262 (c)
>
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
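
Added example, not part of the original thread: the per-folder check for non-JSP files discussed above can be done without a basic-challenge prompt by a servlet filter that applies the session check to every request under the folder. It assumes a container that supports the Servlet 2.3 Filter API; the class name, session attribute, URL pattern and login path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: session gate for every resource under a protected folder.
 * Map it in web.xml to a URL pattern such as /secure/* (hypothetical path) so
 * static files (.doc, .pdf, .html) get the same check as the JSP pages.
 */
public class SessionGateFilter implements Filter {
    // Hypothetical names: login.jsp sets AUTH_ATTR after the un/pw check.
    private static final String AUTH_ATTR = "authenticatedUser";
    // Must live outside the filtered path, or the redirect below would loop.
    private static final String LOGIN_PAGE = "/login.jsp";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): never create a session for an anonymous request.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(AUTH_ATTR) != null;

        if (!loggedIn) {
            // No valid session: send the browser to the form, serve nothing.
            response.sendRedirect(
                response.encodeRedirectURL(request.getContextPath() + LOGIN_PAGE));
            return;
        }

        // Protected documents must not be served later from a shared cache.
        response.setHeader("Cache-Control", "private, no-store");
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```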
