You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Chris A <vt...@icqmail.com> on 2002/07/10 15:31:06 UTC
automate JDBC realm login
Hello all,
Anyone know how to automate a JDBC realm login, so the user will not have to login when visiting a secure page during a different session ? This would be similar to a "remember me" checkbox on the login page.
I have tried to use a bean and servlet to set the j_username and j_password and "fake" an HTTP/POST , but nothing I have tried seems to work. Anyone done this before or know if this is possible using a realm setup ?
Thanks for your help,
Chris A.
Austin, TX
-------------------------------------------------------------
Sign up for ICQmail at http://www.icq.com/icqmail/signup.html
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: automate JDBC realm login
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On 10 Jul 2002, Chris A wrote:
> Date: 10 Jul 2002 06:31:06 -0700
> From: Chris A <vt...@icqmail.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: automate JDBC realm login
>
> Hello all,
>
> Anyone know how to automate a JDBC realm login, so the user will not
> have to login when visiting a secure page during a different session ?
> This would be similar to a "remember me" checkbox on the login page.
>
There is no standard functionality in Tomcat to do this. It would be
feasible to customize one of the existing Authenticator implementations to
look for a remember-me cookie and bypass the challenge for
username/password if it can find the corresponding user.
> I have tried to use a bean and servlet to set the j_username and
> j_password and "fake" an HTTP/POST , but nothing I have tried seems to
> work. Anyone done this before or know if this is possible using a realm
> setup ?
>
There's nothing you will be able to do at the application level to
accomplish this (and that's a good thing, because otherwise malicious apps
could bypass the container's security :-). You will need to do this at
the inside-Tomcat level instead.
> Thanks for your help,
>
> Chris A.
> Austin, TX
>
Craig
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>