On Fri, 24 Aug 2001, Roland wrote:
> Date: Fri, 24 Aug 2001 17:28:08 -0300
> From: Roland <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Question working with security realms
>
>
> > You don't have to do any "forwarding". Consider the various login methods
> > that might be in use, and assume that the user just requested a protected
> > resource for the first time:
> >
> > * BASIC and DIGEST: The browser will pop up the login dialog. Once the
> > user authenticates correctly, the original request will be honored.
> >
> > * FORM BASED: The container will save the original request and display
> > the form login page. After you type in your username and password and
> > press submit, the container will automatically return the user to
> > the original request.
> >
> > * CLIENT-CERT: You will be asked which or your client certificates should
> > be sent to the server. Once it's checked, the original request
> > will be honored.
>
> Where can I find more infor and documentation especially on the FORM BASED
> thing?
>
All of these are defined in the Servlet Specification:
http://java.sun.com/products/servlet/download.html
I also did a BOF at JavaOne (so popular that people couldn't even get in
to the room :-) that covered these features in a slightly more detailed
fashion. The info I presented will ultimately be included in the Tomcat
docs -- in the mean time, contact me privately <[EMAIL PROTECTED]> if
you'd like a copy of the slides (PowerPoint or StarOffice format).
As shipped, the examples application included with Tomcat is set up for
form-based login. Start up Tomcat and try:
http://localhost:8080/examples/jsp/security/protected/index.jsp
The usernames and passwords are defined in "conf/tomcat-users.xml" (by
default).
> Thanks...Roland
>
>
>
Craig
