Geofrey Rainey wrote:
Hi Mark,
Yes I've read that document many times. However still need a few pointers on writing the Login Module and how it integrates with the CallbackHandler to create the popup dialog. I can't really find any comprehensive doco on this.

If you are talking about the standard browser popup login dialog: this popup dialog is built into the browser. The browser automatically pops it up when it requests some webserver resource which happens to be protected, and receives a certain status code response from the server (401 Unauthorized), along with a "WWW-Authenticate:" HTTP header.

When the user fills in this dialog (user-id, password) and clicks OK, the browser re-issues the same request, together with a new HTTP request header "Authorization:" containing some coded form of the user-id/password.

It is then the webserver's job to decode this, and grant access or not.
See here for details:
http://tools.ietf.org/html/rfc1945#section-11

The gist is: you will not find the creation of this login dialog window in any server-side code, because it is a browser-side thing. The server just sends a 401 response to "make it happen".

The above is valid for the HTTP "Basic" and "Digest" authentication schemes.

Things are different if you are talking of an AAA scheme that uses an HTML login page, SSL etc.
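
The exchange described above for the "Basic" scheme, as an added example that is not part of the original post and is not Tomcat code. The realm, the credential store and all function names are assumptions made for illustration.

```python
import base64
import hmac

REALM = "example-realm"          # assumed realm name
USERS = {"alice": "s3cret:pw"}   # constructed credential store, demo only

def browser_authorization(user, password):
    """Header value the browser sends after the dialog is filled in.
    Base64 is a reversible encoding, not encryption, so Basic needs TLS."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(header_value):
    """Return (user, password), or None if the header is absent or malformed."""
    if not header_value:
        return None
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:           # bad Base64 or bytes that are not UTF-8
        return None
    # Split on the first ':' only: the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle_request(headers):
    """Server side for a protected resource: return (status, response_headers)."""
    creds = parse_basic(headers.get("Authorization"))
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        # Constant-time comparison, also performed for unknown users.
        same = hmac.compare_digest(password.encode(), (expected or "").encode())
        if expected is not None and same:
            return 200, {}
    # Missing, malformed or wrong credentials: this is the response that
    # makes the browser show its built-in login dialog.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
```
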