Posted to users@tomcat.apache.org by Kevin Andryc <ka...@miser.umass.edu> on 2003/06/30 16:45:41 UTC

Tomcat Authentication Nightmare

Hi all,
    In a previous project, I decided to use Tomcat authentication and just
had nightmarish troubles. Telling people they couldn't bookmark the logon
page just isn't a solution. Plus, many people had serious problems trying to
log in. They would enter in their user name and passwords multiple times, and
still could not get in. I would honestly say 25-30% of the people had
problems, which did not reflect well on me. Previously I used Apache
authentication, but it is just not as flexible as Tomcat, but then again I
never had a problem with it. I was wondering if there are any suggestions
for authentication? I don't really want to use Apache for this upcoming
project and would really prefer a Tomcat-like authentication mechanism where
I could use a database to hold user names and passwords etc. Any suggestions
would be appreciated!

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
kandryc@miser.umass.edu



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Tomcat Authentication Nightmare

Posted by John Turner <to...@johnturner.com>.
Not sure what you are looking for, but we do this on all of our web apps.  
Users can bookmark the login page all they wish, in fact the login page is 
index.jsp.  They type their username and password in, click submit.  This 
posts to a JSP, the JSP checks against a database, and approves or 
disapproves.  If approves, sets a session variable.  On every other JSP, 
there is a check for the session variable.  If not set, bounce to 
index.jsp.

There are probably other much more elegant ways to do it, and probably ways 
to do this built-in to Tomcat, but the method above works for us.

If there's another, more elegant way to do this, I'd love to see an 
explanation of it and the rationale for it.

John

On Mon, 30 Jun 2003 10:45:41 -0400, Kevin Andryc <ka...@miser.umass.edu> 
wrote:

> Hi all,
> In a previous project, I decided to use Tomcat authentication and just
> had nightmarish troubles. Telling people they couldn't bookmark the logon
> page just isn't a solution. Plus, many people had serious problems trying
> to log in. They would enter in their user name and passwords multiple
> times, and still could not get in. I would honestly say 25-30% of the
> people had problems, which did not reflect well on me. Previously I used
> Apache authentication, but it is just not as flexible as Tomcat, but then
> again I never had a problem with it. I was wondering if there are any
> suggestions for authentication? I don't really want to use Apache for this
> upcoming project and would really prefer a Tomcat-like authentication
> mechanism where I could use a database to hold user names and passwords
> etc. Any suggestions would be appreciated!
>
> Thanks,
> Kevin
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> kandryc@miser.umass.edu
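
The session-variable scheme described in the reply above, sketched as an added example (not code from the thread or from any poster): the per-page check is moved into one servlet filter so no page can omit it, and the session id is replaced at login. It assumes the javax.servlet API (Servlet 2.3 or later); the class name, the session attribute name and the /login.jsp path are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter; map it to /* in web.xml so every request passes through it. */
public class AuthFilter implements Filter {
    static final String USER_ATTR = "authUser";    // assumed session attribute name
    static final String LOGIN_PAGE = "/index.jsp"; // login form, as in the post
    static final String LOGIN_POST = "/login.jsp"; // assumed JSP the form posts to

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getServletPath();
        // Only the login form and its POST target are reachable without a session;
        // images or stylesheets the login page needs would have to be added here.
        boolean isPublic = LOGIN_PAGE.equals(path) || LOGIN_POST.equals(path);
        HttpSession s = req.getSession(false);      // do not create a session just to check
        boolean loggedIn = s != null && s.getAttribute(USER_ATTR) != null;
        if (isPublic || loggedIn) {
            chain.doFilter(rq, rs);
        } else {
            // "If not set, bounce to index.jsp"
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }

    /** Call from the login handler only after the database check has approved the user. */
    static void markLoggedIn(HttpServletRequest req, String username) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();           // discard the pre-login session id
        req.getSession(true).setAttribute(USER_ATTR, username);
    }
}
```

Because the login page is an ordinary public URL in this layout, bookmarking it works; the filter only intervenes on requests that arrive without the session attribute.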