For some background on authentication with Tomcat, see
<
http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto
>
<
http://www.mail-archive.com/[email protected]/msg03534.html
>
1 - Apache authenticates the user whith basic (or other) method, and
servlet are enabled to know the actual userid
Servlets can access the HTTP login from the header; it's encoded in
Base64.
See ProtectedPage - chapter 3 of Marty Hall's Core Servlets and JSP
(www.coreservlets.com).
2 - Apache delegates the servlet to make the authentication. This would
be the very best solution, but I suppose it is impossible (could an
Apache module implement this feature?)
The servlets can check for an attribute stored in the session context,
and send people to a login page if it is missing.
-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel 716 425-0252; Fax 716 223-2506.
-- http://www.husted.com/
