| |
| |
| |
|
<swente> hmm .. this authentication-features .. reams, forms etc. .. i wonder if and how it might be used programmatically, from a servlet
<swente> to be precise, is it possible to ask tomcat for authorization [-> redirecting to the login-page|auth-dialog] from a servlet?
<puff> Yawn.
<jasonb> Hi puff. Have a good Turkey Day?
<jasonb> swente: Yes, it is possible to do that, but usually this means the webapp has its own custom authorization (part of the webapp, not part of Tomcat).
<swente> jasonb: you mean, i have to build the authentication myself, but can use the userdatabase?
<swente> ehm, anyway, it's already late
<jasonb> swente: Usually developers just store the users and p***words however they want, in the db or whatever, but yeah, they do their own auth so that they have full control over when auth is performed, and what exactly happens with the request in all cases.
<swente> mh ok. usually i also do my own auth-stuff, but i thought i could perhaps base on this.
<jasonb> Well, Tomcat decides when to ask for authentication based on the session cookie.. if it's there, then the user is already authenticated. If it's not, it asks the user. So, you could theoretically play with the session cookie inside your servlet(s) or JSP(s) and perform redirects or whatever to p*** control back to Tomcat's container auth.. if you want.
<yel> hello everyone
<jasonb> Hi yel.
<yel> how your doing jasonb ?
<jasonb> I'm doing well. Got a little time to relax this weekend, finally.. but now I feel it'll be a struggle to get anything done this weekend before it's over.
<yel> i wish you good luck with it ;)
<jasonb> Thanks.
<swente> jasonb: anyway, thanks so far -- it's already "early in the morning", i'm off
<yel> i have Tc now supporting ssl connection but sometime not :s
<yel> its the same here have a good sleep ;)
<jasonb> swente: Okay. You're welcome. See ya.
<jasonb> yel: Sometimes it doesn't work?
<yel> yeah well when i try a https to my host it works
<yel> but when a web application trys to vaildate a ticket using such connections it fails
<yel> and i only find in my logs that no trusted certs was found
<yel> its making me a bit confused with my little knowledge
<jasonb> What does "validate a ticket" mean?
<yel> let me just try to explain: well a user request a context which is restricted to authenticated users he get redirected to the central access server which is also an app deployed on tomcat
<yel> he do login there and gets a Ticket
<yel> and he gets redirected there where he comes from
<yel> but this time he is carrying a ticket which should grant him access there
<jasonb> That's all well past where the first-contact HTTPS connection happens, so I can't help with that.
<yel> :s
<yel> the important part is the last one :)
<yel> juts don't care good night i'm off too (4:29 morning)
<Goosemoose> I tried to setup a virtual host in server.xml and I got a jsp file to work when placed in www.goosemoose.com:8080/index.jsp , but I can't figure out where to upload the .war file to get it to deploy properly.
<Goosemoose> Here is what my entry looks like: http://pastebin.com/439437
Return to tomcat
or
Go to some related
logs:
efnet audio app
|
|