A fairly comprehensive layout of supported authentication mechanisms in TC is located at
http://tomcat.apache.org/tomcat-4.1-doc/catalina/docs/api/org/apache/catalina/authenticator/package-summary.html
top-bottom order indicates simplest to deploy to the most secure security algorithm:
AuthenticatorBase
Basic implementation of the Valve interface that enforces the
<security-constraint> elements in the web application
deployment descriptor.
BasicAuthenticator
An Authenticator and Valve implementation of HTTP BASIC
Authentication, as outlined in RFC 2617: "HTTP Authentication: Basic
and Digest Access Authentication."
Constants
DigestAuthenticator
An Authenticator and Valve implementation of HTTP DIGEST
Authentication (see RFC 2069).
FormAuthenticator
An Authenticator and Valve implementation of FORM BASED
Authentication, as described in the Servlet API Specification, Version 2.2.
NonLoginAuthenticator
An Authenticator and Valve implementation that checks
only security constraints not involving user authentication.
SavedRequest
Object that saves the critical information from a request so that
form-based authentication can reproduce it once the user has been
authenticated.
SingleSignOn
A Valve that supports a "single sign on" user experience,
where the security identity of a user who successfully authenticates to one
web application is propogated to other web applications in the same
security domain.
SSLAuthenticator
An Authenticator and Valve implementation of authentication
that utilizes SSL certificates to identify client users.
Martin Gainty
______________________________________________
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
> Date: Sun, 31 May 2009 06:53:15 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Glassfish security - login status
>
> Hi,
>
> My webapplication is secured with Form based security and a JDBC realm. The webapp is built using Facelets.
>
> When I log in to the application i would like to show a "Logout" button. But if I am not logged in, instead a login button must be visible. How can I get the status for the current session, if the user is logged in or not? I hope to be able to do this in a managed bean for example...
>
> Thanks,
> Mattias
> [Message sent by forum member 'nightzero' (nightzero)]
>
> http://forums.java.net/jive/thread.jspa?messageID=348560
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
_________________________________________________________________
Hotmail® has ever-growing storage! Don’t worry about storage limits.
http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage1_052009