Why not just have your custom client hit /pages/login.jsp first and pass the j_username and j_password params to it? After this, your session will be active and you can go about hitting whatever you need.
justin
At 03:25 PM 3/18/2004, you wrote:
It's for administration stuff. Then there is not a lot of possible users.
I am using the form authentication, but I think I was not clear when I said that Tomcat popups up a page... in fact, Tomcat redirect to my login page. No popup is displayed...
here is only the login-config (from web.xml).... the security-constraint part is set....
<login-config> <auth-method>FORM</auth-method> <realm-name>Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/pages/login.jsp</form-login-page> <form-error-page>/pages/error.jsp</form-error-page> </form-login-config> </login-config>
I am using the j_security_check functionality provided by Tomcat. If my component sends a request, Tomcat will try to popup this page... if I add the j_username and j_password to the same request, will Tomcat retrieves these authentication parameter and performs an automatic authentication... do I have to config something else to make it work ?
Is it clearer now :)
Thanks all
Eric
From: "Parsons Technical Services" <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Subject: Re: Automatic authentication when accessing a servlet ????????? Date: Thu, 18 Mar 2004 18:12:09 -0500
Is this for a few users or a bunch?
If it is a few users then HTTPS Client authentication may work.
But more likely what will fit your plan is to use form authentication. If
you are getting a prompt for name and password then you are using basic
authentication. See SRV .12.5 in the Servlet 2.4 spec. For examples the TC
manager uses basic where the admin uses form.
Doug www.parsonstechnical.com
----- Original Message ----- From: "Halcyon62 ." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 4:32 PM Subject: Automatic authentication when accessing a servlet ?????????
> Hi
>
> Is it possible to incorporate the j_username & j_password (used by the
> servlet "j_security_check") in the request to authenticate the caller and
> then, grant access to the servlet that i am trying to access ?????
>
> I explain the context:
>
> I have a servlet that allows the caller to download of log files. I can
> download these logs using my browser, enter the address and then select
the
> log I want.
>
> Now, I want to get these log automatically. I built an external component
to
> perform that (it's a requirement i have). The external component builds
the
> HTTP request and sends it to Tomcat. If the security constraint it
commented
> out, it works perfectely. But if the security constraint is on, it does
not
> work because Tomcat is trying to popup a login page, waiting for username
&
> password.
>
> Then, is it possible to incorporate the j_username & j_password (used by
the
> servlet "j_security_check") in the request to authenticate the caller and
> then, grant access to the servlet that i am trying to access ?????
>
> _________________________________________________________________
> MSN Premium helps eliminate e-mail viruses. Get 2 months FREE*
>
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________ MSN Premium helps eliminate e-mail viruses. Get 2 months FREE* http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
______________________________________________ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php ______________________________________________
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
