On Thu, 29 Aug 2002, Per Kreipke wrote:
> Date: Thu, 29 Aug 2002 08:58:33 -0400
> From: Per Kreipke <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [Q] WebDAV servlet authentication...
>
> Does anyone know whether the webdav servlet can use form based
> authentication when the client is not a browser (e.g. DAVExplorer or Web
> Folders)?
>
Isn't this really a question of whether your *client* can understand how
to interact using form based login? That seems pretty unlikely -- most of
the client-is-a-program scenarios I've seen (like the Manager webapp in
Tomcat) use BASIC authentication simply because it is easy to program to.
> If not, can one configure single sign on to use form based authentication on
> some resources and BASIC on others?
>
If you use Tomcat's single sign on support, each webapp can have its own
login method, so you could use BASIC on the webdav webapp, and form-based
for the ones that people use.
> The impetus for my question is the fact that you can not (from my reading on
> this list and a google search) programmatically log out the user from BASIC
> authentication.
>
API for asking for a logout was added in Servlet 2.4, so you'll see it
eventually in Tomcat 5. That doesn't help much in the mean time, though
... and implementing logout for clients using BASIC is pretty interesting
anyway, since it is the *client* that keeps sending the Authorization
header containing the username/password ...
> Per
>
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
