Thank you Tim,
Where is 'j_security_check' defined and read?
Do you have any idea to how I connect realm-name to a protected directory?
Thank you,
Batsheva
-----Original Message-----
From: Julien, Timothy [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 9:36 AM
To: '[EMAIL PROTECTED]'
Subject: RE: auth-method
there are:
1. FORM:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>login.jsp</form-login-page>
<form-error-page>error.jsp</form-error-page>
</form-login-config>
</login-config>
login.jsp needs an html form with action='j_security_check'
and inputs named: 'j_username' and 'j_password'
2. BASIC:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>default</realm-name> <!-- dont actually know how this affects
the container -->
</login-config>
for this you will most likely need to configure your web server to accept
BASIC header information, and also configure it to either let those headers
through, or verify the user at the web-server level (at which point it will
let the request through).
3. CLIENT-CERT:
(this is a Client Certificate, like an SSL X509 Certificate):
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
you'll probably need to do the same thing as BASIC, except instead of BASIC
headers, you'll need certain certificate headers to get through - this is
web-server dependant what they're called.
4. DIGEST - Not supported in all containers:
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
Tim Julien
HP middleware
-----Original Message-----
From: Batsheva Raviv [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 28, 2001 12:20 PM
To: Tomcat Usr (E-mail)
Subject: auth-method
I have found about 2 or 3 type of auth-method Basic, Form and digest. Are
there more?
Can someone help me find documentation how should I set the Login-config.
Thank you,
Batsheva
