Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should.
Also, in general it is possible to authenticate a user without requiring the user to enter the user name and password in the application, e.g. NTLM-based authentication or authentication based on the client's IP address. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? Can you think of any other ways to have two different authentication mechanisms for the same servlet? Thanks! On Tue, Jun 2, 2009 at 11:37 AM, Hassan Schroeder < hassan.schroe...@gmail.com> wrote: > On Tue, Jun 2, 2009 at 10:22 AM, Alec Swan <alecs...@gmail.com> wrote: > > > We would also like to continue using the existing authentication > mechanism. > > > So, the question is how can we ... allow authentication to happen > > without requiring the end-user to type in the user name and password? > > Your goals seem contradictory. Maybe you need to rethink... :-) > > -- > Hassan Schroeder ------------------------ hassan.schroe...@gmail.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
