
Container based authentication

 
Milica Zivkov
Greenhorn
Posts: 6
I am using form-based authentication provided by Tomcat. How can I use this to authenticate the user manually, before he tries to access a protected page?
Any suggestions would be useful, thanks.
 
Jaikiran Pai
Sheriff
Posts: 10447
Welcome to JavaRanch

How about this article
 
Milica Zivkov
Greenhorn
Posts: 6
Thank you for that article, it is very useful, but I still didn't find my answer. I wanna have a common sign-in form, somewhere in the page, where the user may authenticate himself. If he authenticates himself before accessing protected Web resources, then he would not be redirected to the 'login page' of container authentication. Can this be done?
 
Ben Souther
Sheriff
Posts: 13411
From the article posted by Jaikiran Pai:

Web containers perform the following steps to implement security of a Web application.

1. Determines whether the user has been authenticated when the protected Web resources are accessed.
2. If the user has not been authenticated yet, requests that the user provide security credentials by redirecting to the login page defined in the deployment descriptor.
3. Validates the user's credentials against the security realm configured for the container.
4. Determines whether the authenticated user is authorized to access Web resources defined in the deployment descriptor (web.xml).



Isn't this exactly what you're asking for?
[ July 11, 2007: Message edited by: Ben Souther ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
The article explains a lot about your post.

What I guess is you want your own authentication mechanism. You probably do not want to go with the realms that Tomcat comes with. Is that your question?

If yes, then you are free to write your own realm for Tomcat.
Tomcat even comes with a JAAS realm; using that you can also plug your own authentication module into it.
 
Raghavan Muthu
Ranch Hand
Posts: 3389
Look at Tomcat's documentation on the Realm section according to your version.

This url is for the Tomcat 5.5 version.
 
Milica Zivkov
Greenhorn
Posts: 6
Hey ppl... maybe my English is not good or something, but I'll try to explain again.

I know how form-based authentication works, I configured it with Tomcat, and it works just fine. The problem is exactly in the first line of Ben Souther's quote:
"Determines whether the user has been authenticated when the protected Web resources are accessed". How do I authenticate the user BEFORE he tries to reach protected Web resources? Like somewhere in the pages I put a little sign-in form (not the same as the login page from the container's mechanism), where he can submit a username and password, and then something happens (what?) behind the scenes, he is authenticated, and goes back to the page where he was. Now, when he tries to access a protected resource for the first time, the container already knows he is authenticated and doesn't take him to the 'login page'.
 
Satya Maheshwari
Ranch Hand
Posts: 368
I think the web-security mechanism kicks in only when you try to access a secured resource. As I understand, you need to authenticate a user even before he has tried to access the resource. Maybe you can write your own authentication mechanism where you authenticate the user beforehand and use it in case the secured resource is accessed.
 
Ben Souther
Sheriff
Posts: 13411
Originally posted by Milica Zivkov:
Hey ppl... maybe my English is not good or something, but I'll try to explain again.

I know how form-based authentication works, I configured it with Tomcat, and it works just fine. The problem is exactly in the first line of Ben Souther's quote:
"Determines whether the user has been authenticated when the protected Web resources are accessed". How do I authenticate the user BEFORE he tries to reach protected Web resources? Like somewhere in the pages I put a little sign-in form (not the same as the login page from the container's mechanism), where he can submit a username and password, and then something happens (what?) behind the scenes, he is authenticated, and goes back to the page where he was. Now, when he tries to access a protected resource for the first time, the container already knows he is authenticated and doesn't take him to the 'login page'.


Are you concerned that the user will have to sign in repeatedly; once for every attempt to access a secure page?
 
Milica Zivkov
Greenhorn
Posts: 6
@Ben Souther
No, I know that once the user is authenticated for some role, he will not be asked to authenticate himself again for pages that require that role.

@Satya Maheshwari
Correct, that's what I want; I just thought this could be done with the container's (Tomcat's) mechanism for authentication, but it seems like that's not possible.
 
Ben Souther
Sheriff
Posts: 13411
Couldn't you handle this by setting up your click flow so that the user has to go through a protected page (even if it's just a menu of all the other protected resources) before getting to the others?
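
What the thread asks for, a small sign-in form that authenticates the user against the container's realm before any protected resource is requested, can be done programmatically with `HttpServletRequest.login()` on Servlet 3.0 and later containers, which are newer than the Tomcat 5.5 mentioned above. The servlet below is an added example, not code from any poster in this thread. The `/signin` mapping, the `username`, `password` and `returnTo` field names, the `/index.jsp` landing page and the `javax.servlet` 3.1 API level (for `changeSessionId()`) are assumptions.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: hypothetical servlet behind the inline sign-in form.
// Mapping, field names and /index.jsp are assumptions, not from the thread.
@WebServlet("/signin")
public class InlineSignInServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String target = safeReturnPath(req.getParameter("returnTo"));
        if (req.getUserPrincipal() == null) {
            // Make sure a session exists so the login is remembered across
            // requests (assumption: the container keeps the principal there).
            req.getSession(true);
            try {
                // Validates the credentials against the realm configured for
                // the container, as the container's own login page would.
                req.login(req.getParameter("username"), req.getParameter("password"));
            } catch (ServletException e) {
                // Same response for an unknown user and a wrong password.
                resp.sendRedirect(req.getContextPath() + "/index.jsp?signin=failed");
                return;
            }
            // Issue a new session id so a pre-login id cannot be reused.
            req.changeSessionId();
        }
        resp.sendRedirect(req.getContextPath() + target);
    }

    // Only redirect back to a local path inside this application.
    static String safeReturnPath(String p) {
        if (p == null || !p.startsWith("/") || p.startsWith("//")
                || p.contains("\\") || p.contains("\r") || p.contains("\n")) {
            return "/index.jsp";
        }
        return p;
    }
}
```

After a successful `login()`, the security constraints in web.xml are evaluated against the authenticated user, so the first request to a protected resource is not redirected to the container's login page.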
 