-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To whom it may concern,
(Can you set your name in your email client? It's irritating to write to
an email address that doesn't indicate a name. You also don't include
your name in your posts.)
removeps-gro...@yahoo.com wrote:
> URL url = new
> URL("https://localhost:6143/mywebservice/action/j_security_check";);
> HttpURLConnection connection = (HttpURLConnection)
> url.openConnection();
> connection.setRequestMethod("POST");
As Chuck pointed out (without saying it explicitly), Tomcat does not
allow drive-by logins. If you need this feature, you will have to either
hack Tomcat or use a separate tool.
Securityfilter (http://securityfilter.sourceforge.net) is a replacement
for container-based authentication and authorization and allows you to
do drive-by logins if you wish (that is, POST directly to
j_security_check with a username and password).
In any case, you'll have to do JSESSIONID management yourself on the
client, either by reading the JSESSIONID cookie, or sniffing the
"jsessionid" request parameter returned in redirect URLs provided by the
server. I recommend the cookie option.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklRg+cACgkQ9CaO5/Lv0PAL7gCeP+Ju7YO/f4bydl93c05OWPtU
JOoAnRcadfJf74VaVS5Nk7Dy57c3UcfS
=oKSE
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
