Hi,

I have a web-app that authenticates against a JDBC Realm. In the web.xml file I can use BASIC authentication or a custom form:

<auth-method>BASIC</auth-method>
<realm-name>JDBCRealm</realm-name>

or

<auth-method>FORM</auth-method>
<form-login-config>
  <form-login-page>/login.html</form-login-page>
  <form-error-page>/error.html</form-error-page>
</form-login-config>

The problem is that I want to use both methods in the same web app. Is that possible?

The reason is that my web app will be used from a web browser and from a Java client. For the Java client I need BASIC authentication and for the browser I need a form-based login, so that the user can switch his identity (login name and password). The latter seems to be impossible with BASIC authentication, since the browser caches the credentials even if the session is destroyed. Closing and restarting the browser is not an option in my use case.

My idea was to put the respective servlets into different URL paths and define different login methods for them in the web.xml. But I don't know if that is possible, since the security-constraint is on the same level as the login-config in the web.xml.

<security-constraint>
  <web-resource-collection>
    <web-resource-name>WRCollection</web-resource-name>
    <url-pattern>/basic/*</url-pattern>
  </web-resource-collection>
...

Both servlets (for Java and for browser) use the same engine and might even interact with each other. That is the reason why I do not want to separate them into different apps.

Any ideas?

I am using GlassFish v3, an Eclipse development environment and no frameworks.