Hello, Form authnetificator does form based authentification regarding the corresponding J2EE specifications, which specify the submit name of the username field (j_username), the submit name of the user password (j_passwrd), and that's all. Of course you, developper of webapplication can customize form (adding company logo, etc), but the specs states that user must provide username and password and submit it to /j_security_check url. Adding a captcha in this specs or other informations is not possible like that.
The only 2 ways i see to add captcha and not break specs is either 1) to create a realm that expect the captcha to be appended or perpended to password. eg: j_username: johnSmith j_password: [EMAIL PROTECTED] The realm could probably compare the provided captcha with some value stored somewhere else the j_password field could be constructed, client side, with javascript, from 2 not submitted fields. or 2) Don't rely on container security and provide your own security with you own whatever forms. En l'instant précis du 03/07/07 10:45, rpr_listas s'exprimait en ces termes: > Hi all! > > I'm thinking in implement a captcha > (http://en.wikipedia.org/wiki/Captcha) protection for web-based > authentication. I'm looking in the tomcat surce and the form > authentication seems be implemented by > org.apache.catalina.authenticator.FormAuthenticator class. But I'm > not sure if change this class is the right way. > > Are there other better method to do this? > Must I change the FormAutenticator class or must extend it in other > class and i can refer to it in the tomcat configuration ? > > Thanks in advance and best regards. > Ricardo. > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
