Alec- Here are the index.jsp contents from securityfilter <h2>POST to the Secure Page</h2> This form POSTs to the Secure Page. By entering a value here and clicking the submit button below, you can verify that POSTed parameters are maintained through the login sequence. <form id="<%=Constants.HOME_FORM_ID%>" action="<%=response.encodeURL(request.getContextPath() + "/securePage.jsp")%>" method="POST"> <input type="text" name="<%=Constants.HOME_POST_FIELD%>"> <input type="submit"> </form>
make sure you supply a valid url to securePage.jsp (now its supplied as) request.getContextPath() + "/securePage.jsp supply valid values for HOME_FORM_ID public static final String HOME_FORM_ID = "homeForm"; and valid value for HOME_POST_FIELD now initialised to public static final String HOME_POST_FIELD = "postMe"; got it working on my server if you need a link Martin Gainty ______________________________________________ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Tue, 2 Jun 2009 16:08:58 -0600 > Subject: Re: Authentication from the browser > From: alecs...@gmail.com > To: users@tomcat.apache.org > > > > > ? You can't put HTTP headers "in" a link, unless you're processing > > it through some proxy mechanism... > > > > Looks like the last SecurityFilter build was released on Dec. 14, 2004, > which makes me hesitant to use it. > > I am wondering if it is possible to use JavaScript to include the user name > and password in the HTTP header when the link is clicked. According to the > following statement I borrowed from > http://securityfilter.sourceforge.net/this won't work either: > "With container managed security, the container will not process login > requests unless the container itself has initiated the authentication > sequence .." > > Does this mean that there is no way to authenticate against Tomcat server > unless the server initiated the request itself? > > > > > Does this give you enough information to propose a solution? > > > > I suspect you need to write your own solution, though this: > > http://securityfilter.sourceforge.net/ > > :: has been recommended by others on this list many times, and > > might help (I've never used it). > > > > HTH, > > -- > > Hassan Schroeder ------------------------ hassan.schroe...@gmail.com > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > _________________________________________________________________ Hotmail® has ever-growing storage! Don’t worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009
