The token is the validation. It's a way of passing around that the user has been validated. Consider it to be a relay race, there's a baton that you're passing around. If you have the baton than you're a valid runner in the race. A security "token" is like the baton, if your user can present the token, and it's valid then they're ok to deal with.
This of course has some issues, but it's one way of doing it. --mikej -=----- mike jackson [EMAIL PROTECTED] > -----Original Message----- > From: Louis Voo [mailto:[EMAIL PROTECTED]] > Sent: Monday, August 19, 2002 10:26 AM > To: Tomcat Users List > Subject: Re: Design question > > > Can you tell me after validate how you redirect to another site? > > Louis > ----- Original Message ----- > From: "Mike Jackson" <[EMAIL PROTECTED]> > To: "Tomcat Users List" <[EMAIL PROTECTED]> > Sent: Monday, August 19, 2002 6:17 PM > Subject: RE: Design question > > > > An encrypted token is one way of doing it. We have a system where one > > system > > validates the user and then it redirects the user to another > site passing > an > > encrypted token (containing amoungst other things a timestamp to allow > only > > a short "window" of opportunity for the token to be used) as a > parameter. > > > > --mikej > > -=----- > > mike jackson > > [EMAIL PROTECTED] > > > > > -----Original Message----- > > > From: Jacob Hookom [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, August 19, 2002 10:09 AM > > > To: 'Tomcat Users List' > > > Subject: RE: Design question > > > > > > > > > I'm trying to accomplish the same thing-- > > > > > > How do you authenticate on Server A, then have that principal > carry over > > > to Servers B and C for download authorization? > > > > > > Thanks! > > > -Jacob > > > > > > | -----Original Message----- > > > | From: Luminous Heart [mailto:[EMAIL PROTECTED]] > > > | Sent: Monday, August 19, 2002 12:06 PM > > > | To: Tomcat Users List > > > | Subject: Re: Design question > > > | > > > | Yes Raju, > > > | It should be doable. You can download TC latest and > > > | hack some code. If you want to use some readily > > > | availabe to help in the process, take a look at the > > > | Tag libs available on Jakarta. Also there are a few > > > | File Upload beans floating around the net, go to > > > | google and type JSP File Upload Bean and see what you > > > | will get. > > > | > > > | I have a couple of applications where a user will > > > | upload files to a remote server after authenticating. > > > | > > > | regards. > > > | > > > | --- Raju Lokhande <[EMAIL PROTECTED]> wrote: > > > | > Greetings everybody, > > > | > I am doing some research on possibility of using > > > | > Tomcat to do a project. General requirements as > > > | > follows > > > | > 1. A user will login to the web application and > > > | > upload a file to a remote server. He or she can only > > > | > access his or her WIN2K/NT domain to upload this > > > | > file. > > > | > 2. User will download a file or a number of files > > > | > from the remote server - again from his or her > > > | > domain. > > > | > I was told that I can do this job using Java Servlet > > > | > and IBM Websphere or BEA Weblogic. > > > | > I am not sure if this is possible in Tomcat. Has > > > | > anybody done similar work using Tomcat. Can you > > > | > share your experiences please? > > > | > Thanks > > > | > Raju Lokhande > > > | > > > > | > > > > | > > > > | > > > > | > > > > ************************************************************************ > > > * > > > | > This message, together with any attachments, is > > > | > intended only > > > | > for the use of the individual or entity to which it > > > | > is addressed. It > > > | > may contain information that is confidential and > > > | > prohibited from > > > | > disclosure. If you are not the intended recipient, > > > | > you are > > > | > hereby notified that any dissemination or copying of > > > | > this > > > | > message or any attachment is strictly prohibited. If > > > | > you have > > > | > received this message in error, please notify the > > > | > original sender > > > | > immediately by telephone or by return e-mail and > > > | > delete this > > > | > message along with any attachments, from your > > > | > computer. > > > | > Thank you. > > > | > > > > | > > > > ************************************************************************ > > > * > > > | > > > > | > > > > | > -- > > > | > To unsubscribe, e-mail: > > > | > <mailto:[EMAIL PROTECTED]> > > > | > For additional commands, e-mail: > > > | > <mailto:[EMAIL PROTECTED]> > > > | > > > > | > > > | > > > | __________________________________________________ > > > | Do You Yahoo!? > > > | HotJobs - Search Thousands of New Jobs > > > | http://www.hotjobs.com > > > | > > > | -- > > > | To unsubscribe, e-mail: <mailto:tomcat-user- > > > | [EMAIL PROTECTED]> > > > | For additional commands, e-mail: <mailto:tomcat-user- > > > | [EMAIL PROTECTED]> > > > | > > > | --- > > > | Incoming mail is certified Virus Free. > > > | Checked by AVG anti-virus system (http://www.grisoft.com). > > > | Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 > > > | > > > > > > --- > > > Outgoing mail is certified Virus Free. > > > Checked by AVG anti-virus system (http://www.grisoft.com). > > > Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 > > > > > > > > > > > > -- > > > To unsubscribe, e-mail: > > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > > <mailto:[EMAIL PROTECTED]> > > > > > > > > > > -- > > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
