You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andreas Schildbach <an...@schildba.ch> on 2002/09/03 21:27:06 UTC
Container Based Security/Authentication and Forced Login/Logoff
Hello!
I am using Container Based Security with the Tomcat 4.1.9 beta.
Current I have Form based Authentication configured.
I'd like to allow the user to authenticate before he tries to access a
resource that is protected by security contraints in web.xml.
==> Is it possible for a Servlet/JSP to force authentication for a user
(maybe by calling a method)?
I'd also like to offer a 'Logout' button to the user.
==> Is it possible to remove the authentication other than telling the user
to close the browser?
Thanks,
Andreas
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Container Based Security/Authentication and Forced Login/Logoff
Posted by Eddie Bush <ek...@swbell.net>.
Search the archive. The short answers are below.
Andreas Schildbach wrote:
>Hello!
>
>I am using Container Based Security with the Tomcat 4.1.9 beta.
>Current I have Form based Authentication configured.
>
>I'd like to allow the user to authenticate before he tries to access a
>resource that is protected by security contraints in web.xml.
>
So would we all!
>==> Is it possible for a Servlet/JSP to force authentication for a user
>(maybe by calling a method)?
>
Nope. There are work-arounds though, I believe. One of them is JAAS.
>I'd also like to offer a 'Logout' button to the user.
>
>==> Is it possible to remove the authentication other than telling the user
>to close the browser?
>
Invalidate the session. Note that the session will not show up as
invalid until the next request. In other words, don't forward from the
logout, redirect from it.
>Thanks,
>
>Andreas
>
Regards,
Eddie
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>