Johannes Meyer wrote:
Hello all,
I'm developing a web application with asynchronous techniques (ExtJS).
The most pages are secured with a "security-constraint", so the user
has to log in at first.
The users gets prompted a login dialog and can type in his username
and password. The data will be sent asynchronous to the server and the
user should be logged in.
How can I implement it at best?
I tried to work with FORM-authentication but it is not very elegant.
Is there any solution to make an AJAX-Authentication?
Or can I build a servlet, that logs the user in, without show him any dialogs?
Hi.
Almost any HTTP authentication requirement can be solved, but whether it is easy,
difficult, or impossible depends a lot on the details of the situation.
So you will need to provide some additional data if you want more help.
E.g.
Is this an Internet server with clients being anywhere, or is it a purely
Intranet situation ?
If Intranet, are you using any form of Windows domain authentication ?
What are the browsers ? (it can matter, if the Ajax in the browser uses its own connection
and authentication, or shares it with the browser in general)
What degree of security does this require ?
Do the Ajax calls address the same host & webapp as the ones which the browser
accesses ?
Are you using some specific Ajax library to make those calls ? (if yes, which
authentication methods does it support ?)
Do you have an Apache httpd in front of Tomcat, or can you set one up ? (there are more
authentication variations available for httpd than for tomcat, and the httpd-level
authentication can be forwarded to tomcat)
etc..
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
