Posted to users@tomcat.apache.org by EDV Systembetrieb <ED...@dsd-ag.de> on 2001/12/17 14:32:34 UTC

Basic authentication & password caching

Hi everybody,
I set up Tomcat 3.3 with JDBCRealm and a MySQL database using basic authentication. We use a servlet for uploading files to our server.
Before sending the files, the user is prompted for login name and password.

My problem is that there seems to be a permanent connection between the browser and the servlet, or the login information is cached by the browser until the browser is restarted.

But I'd like to force the user to enter his ID and password each time he sends files, no matter if he restarts his browser or not.

Any hints??

Besides another question:
Is there any documentation about parameters usable in web.xml and apps-XXX.xml and what they mean? This would be very helpful.

Thanks Sabine


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>


Re: Basic authentication & password caching

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Mon, 17 Dec 2001, EDV Systembetrieb wrote:

> Date: Mon, 17 Dec 2001 14:32:34 +0100
> From: EDV Systembetrieb <ED...@dsd-ag.de>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Basic authentication & password caching
>
> Hi everybody,
>
> I set up Tomcat 3.3 with JDBCRealm and a MySQL database using basic
> authentication. We use a servlet for uploading files to our server.
> Before sending the files, the user is prompted for login name and
> password.
>
> My problem is that there seems to be a permanent connection between
> the browser and the servlet, or the login information is cached by the
> browser until the browser is restarted.
>
> But I'd like to force the user to enter his ID and password each time
> he sends files, no matter if he restarts his browser or not.
>
> Any hints??
>

As you noted, it is the *browser* that's caching the username/password, so
there is nothing the server can do about it.  An alternative would be to
use form-based login instead -- invalidating the user's session logs them
off.

> Besides another question: Is there any documentation about parameters
> usable in web.xml and apps-XXX.xml and what they mean? This would be
> very helpful.
>

For web.xml the important document is the Servlet Specification, which you
can download from:

  http://java.sun.com/products/servlet/download.html

For apps-XXX.xml you need to ask the 3.3 developers about it -- there's
lots of docs about configuring Tomcat 4 :-).

> Thanks Sabine
>

Craig
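
Added example, not part of the original thread or of Tomcat's own code: a sketch of the form-based login approach suggested in the reply above, where the upload servlet invalidates the session after each upload so the next one requires a fresh login. The URL pattern, page names, role name and the `UploadServlet`/`storeUpload` names are assumptions for illustration.

```java
// Added example. Assumed web.xml for the application (Servlet 2.2 form-based
// login; /upload, /login.jsp, /login-error.jsp and "uploader" are placeholders):
//   <security-constraint>
//     <web-resource-collection>
//       <web-resource-name>upload</web-resource-name>
//       <url-pattern>/upload</url-pattern>
//     </web-resource-collection>
//     <auth-constraint><role-name>uploader</role-name></auth-constraint>
//   </security-constraint>
//   <login-config>
//     <auth-method>FORM</auth-method>
//     <form-login-config>
//       <form-login-page>/login.jsp</form-login-page>
//       <form-error-page>/login-error.jsp</form-error-page>
//     </form-login-config>
//   </login-config>
import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class UploadServlet extends HttpServlet {
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        if (req.getRemoteUser() == null) {          // container did not authenticate
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        try {
            storeUpload(req);
        } finally {
            // With FORM login the identity lives in the session, not in the
            // browser's credential cache, so invalidating it logs the user off.
            HttpSession session = req.getSession(false);
            if (session != null) { session.invalidate(); }
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("Upload stored; log in again to send more files.");
    }

    // Hypothetical helper: writes the raw request body to a temp file
    // (multipart parsing is left to the application).
    private void storeUpload(HttpServletRequest req) throws IOException {
        File target = File.createTempFile("upload-", ".bin");
        InputStream in = req.getInputStream();
        OutputStream out = new FileOutputStream(target);
        try {
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) { out.write(buf, 0, n); }
        } finally { out.close(); }
    }
}
```

The login page named in `form-login-page` posts `j_username` and `j_password` to `j_security_check`, as the Servlet Specification defines.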

