This more or less works for TC 3.x (where j_security_check is a [psuedo-]Servlet). It won't work for TC 4.x and higher (basically the same as the recuring topic: "My users are bookmarking the login page").
As Tim mentioned, Filters are called after Container-Managed authentication is checked. Of course, there is nothing stopping you from implementing a Filter-Managed security scheme (where your Filter(s) do all the work of Tomcat's Authenticators and Realms). "Raible, Matt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I have a way that's been working for me - see it at: http://raibledesigns.com/training/index.jsp?topic=rememberMe HTH, Matt -----Original Message----- From: Jo�l "Wijngaarde [Us Media] [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 03, 2003 6:14 AM To: Tomcat Users List Subject: Re: Auto login using a cookie Hi Tim, Thanks for the reply. I will take a lok at your suggestion, however using a valve would make the login structure Tomcat specific. Most Servlet-Containers supply someway of doing the authentication through LDAP / JDBC / FILE... and thus using this scheme is quite safe. But is there als a 'standard' way of using an auto login feature without breaking the Container independence. - Joel On Tue, 2003-06-03 at 13:38, Tim Funk wrote: > I think you'd need to use a valve instead of a filter. The filters are > invoked after any security check is done (i believe). > > As a starting reference, look at the SingleSignOn valve. > > -Tim > > Jo�l Wijngaarde [Us Media] wrote: > > Hi, > > > > I was wondering if there is a standard way of creating automatic login > > functionality in tomcat. > > > > What I mean is that a user can set a tik a box saying 'Automatically Log > > me in the next time I visit'. This is a common functionality on low > > security sites and improves user experience a lot. > > > > We now use the JDBC Realm for authentication of the users. Of course we > > can 9implement our own security filter checking for the necessary > > credentials, but it would be great if we could use the web.xml file to > > define the security constraints. > > > > Any suggestions or references? > > > > > > Regards, > > > > > > Joel > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- Us Media Stadhouderskade 115 1073 AX Amsterdam t: +31 20 428 6868 f: +31 20 470 6905 w: http://www.usmedia.nl --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
