-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all; gotta solve a very special authentication situation: Users need to have access to certain file packages using an URL like http://.../packages/<package-id> with <package-id> referring to an identifier stored in a local document management system. User information (id, password) are stored in the DMS database as well. To provide access to a certain package, I need to ensure (a) the user is valid (thus, has authenticated) (b) the user is owner of the package (which I can find out using the DMS database as well) However, following this approach I cannot use container-based authentication as the DBMS user management repository is not easily accessible via such a configuration but there are Java classes to authenticate the user using an API which to be called from another Java class, a servlet, ... So, my question: Is there a way to configure Tomcat that, for a given servlet or resource, a HTTP authentication window will appear and, then, the data entered there (username, password) is given to the servlet in order to do anything useful with it? I _suppose_ those parameters should be available as part of the Request, but I don't know how to make tomcat demand HTTP authentication _without_ automatically validating these parameters. Any hints on that? TIA and bye, Kristian - -- Kristian Rink * http://zimmer428.net * jab: [EMAIL PROTECTED] icq: 48874445 * fon: ++49 176 2447 2771 "Wenn einer allein träumt, ist es nur ein Traum. Wenn viele gemeinsam träumen, ist das der Anfang einer neuen Wirklichkeit." (Hundertwasser) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFEyNnIcxBAPOA1m6wRAiUDAJ0dye/TauPE+I6aN/zozzGbIDWA1gCfWaV5 GP9iBHbOOjIsMPA1TLIq+/s= =1z5/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]