tomcat-dev mailing list archives

From Arieh Markel <Arieh.Mar...@Central.Sun.COM>
Subject login-config handling (was Re: Help with Interceptors)
Date Thu, 10 Feb 2000 23:58:09 GMT

> From: Assaf Arkin <>
> Subject: Re: Help with Interceptors
> > Since as Costin mentioned, this is not implemented yet, I will have to wait
> > until it is in (or implementing myself).
> Yes. Or help us get it implemented. I'm getting LDAP-based
> authentication to work, but I need Tomcat to be receptive of that. Any
> help would be greatly appreciated.
> arkin

I am willing to help get this implemented.

A question that arises is the following:

  In my application, I define two contexts, each one with their respective
  	default		which is the "console" context
  	services	which are things that plug in to the console
  The default context is composed of several servlets that provide what
  constitutes 'console' functionality (navigation, log viewer, alarms,
  'service launching').
  The 'launch' servlet serves as a registrar of servlets on the 'services'
  context. In essence I am doing dynamic incorporation of servlets into the

  The separation allows me to segregate the static portion from the
  dynamic portion.
  I would like that the same 'form-login-page' apply to both contexts.

Inspection of the spec (2.2) indicates that the form-login-page is

	"location in the web app where the page that can be used for
	login can be found"
This appears not to address my need, since I would like to be able to have
the same login page for multiple web apps.


With regard to helping in the implementation, I need some guidance as to
the context on which the checking of prior access to the login-page has
been done.

What are the ideas for implementing this?


Some of what I have in mind deals with checking HttpSession information.

In our implementation, I wanted to be able to handle the case of users
that do not accept cookies. I maintain a session-id-keyed Hashtable that
maintains valid sessions.

Session (in)existence is the determining factor for redirecting to the


So in general, the default login page needs to be set whenever a URL access
that does not find a session (or a cookie) is detected.


With regard to the handling of the login information, I presume that the
code to support that needs to be in WebXmlInterceptor, right?

Along the lines of adding a:

	private void processLoginConfig ()

The second part, as I see from the code could be in the context of
the ServletWrapper invocation and the subsequent RequestImpl setting of
the session.


Am I off in my assumption that login-page verification equates to session
establishment?

(That is at least how we treat it in our application).

 Arieh Markel		                Sun Microsystems Inc.
 Network Storage                        500 Eldorado Blvd. MS UBRM11-194
 e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
 Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
 (e-mail me with subject SEND PUBLIC KEY to get public key)
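
The session-keyed table and redirect-on-missing-session check described in the message above, as an added example that is not part of the original post and is not Tomcat code. The class name, login page path, idle timeout and method names are assumptions made for illustration; one gate instance is assumed to be shared by both contexts so that they redirect to the same login page.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: names, paths and the timeout are assumptions, not Tomcat code.
public class SessionGate {
    static final String LOGIN_PAGE = "/console/login.html"; // assumed shared login page
    static final long IDLE_TIMEOUT_MS = 30 * 60 * 1000L;    // assumed idle timeout

    private final Map<String, Long> lastSeen = new ConcurrentHashMap<>(); // session id -> last access
    private final SecureRandom rng = new SecureRandom();

    // Called only after the login form's credentials have been verified.
    public String establish(long now) {
        byte[] raw = new byte[16];                 // 128-bit id that cannot be guessed
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        lastSeen.put(id, now);
        return id;
    }

    // The id comes from a cookie or, for clients that refuse cookies, from the rewritten URL.
    // Returns null when the request may proceed, otherwise the page to redirect to.
    public String check(String cookieId, String urlId, long now) {
        String id = cookieId != null ? cookieId : urlId;
        Long seen = (id == null) ? null : lastSeen.get(id);
        if (seen == null || now - seen > IDLE_TIMEOUT_MS) {
            if (id != null) lastSeen.remove(id);   // drop expired or unknown entries
            return LOGIN_PAGE;
        }
        lastSeen.put(id, now);                     // refresh the idle timer
        return null;
    }

    public static void main(String[] args) {
        SessionGate gate = new SessionGate();
        long t0 = System.currentTimeMillis();
        String id = gate.establish(t0);
        // Constructed requests: no id, id in the URL, same id after the timeout, an id never issued.
        System.out.println(gate.check(null, null, t0));
        System.out.println(gate.check(null, id, t0 + 1000));
        System.out.println(gate.check(id, null, t0 + IDLE_TIMEOUT_MS + 2000));
        System.out.println(gate.check("forged", null, t0));
    }
}
```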
