tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <>
Subject Replacing j_sercurity_check
Date Fri, 10 Aug 2001 19:32:59 GMT

	I'm trying to write my own authentication method that uses three
different things to logon (username, password, and a zone or realm).  The
problem that I'm running into is the AccessInterceptor uses an inner class
to bind to the URL for j_security_check and I can't find any easy way to
override it.  That inner class is where the credentials move from the
request to the session, and it only moves the j_username and j_password - I
want to move all form variables into session variables (something like
securityform.<var name>).

	I tried registering my own servlet with the same name by calling
Context.addServlet (and the servlet's constructor set its name) but either
my registration is ignored or its overridden by the AccessInterceptor's.

	I know that I could use some fancy JavaScript on the client browser
to combine two of the fields into one, but I would prefer to just override
the j_security_check processing.

	I also know that I could replace the AccessInterceptor, but copying
this class just to replace one function call in the contextInit method seems
a little excessive.

	I'm using the Tomcat 3.2.1 binary and sources.  Moving to Tomcat 3.3
is an option, but I would prefer not to move to that unless it will solve my
problem.  Tomcat 4 is not an option at this point in time.

	So, there's my challenge.  Is anyone up to helping me solve it?


View raw message