tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Layman <randy.lay...@aswethink.com>
Subject RE: Replacing j_sercurity_check
Date Fri, 10 Aug 2001 20:02:20 GMT

	Actually that's what I tried - in my Realm (which is a
RequestInterceptor) in both the ContextInit and the authenticate methods, I
try calling the Context.addServlet.  If I put my Realm either before or
after the AccessInterceptor my handler doesn't get called.  I'm guessing
that I'm missing a different call.

	What I think I'm going to do is to copy AccessInterceptor and then
make it take parameters for each of the handlers that it uses (there are
about 4 or 5 different handlers hard coded), defaulting to copies of the
ones provided with Tomcat.  (It turns out the classes aren't inner classes,
but other classes defined in the same file, which means I can't access them
outside of the AccessInterceptor class).

	Thanks for your suggestion.

	Randy


> -----Original Message-----
> From: Larry Isaacs [mailto:Larry.Isaacs@sas.com]
> Sent: Friday, August 10, 2001 4:32 PM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: RE: Replacing j_sercurity_check
> 
> 
> Randy,
> 
> I haven't looked deeply into doing this kind of thing,
> but you might try writing your own interceptor that
> overwrites/replaces what it need in the Context.  Then
> place your interceptor after the AccessInterceptor in
> the server.xml file so it can "update" the context.
> However, I'm not sure that is less work than duplicating
> the class and customizing it.
> 
> There have been updates to AccessInterceptor from 3.2.x
> to 3.3, but I believe fundamentally it operates the
> same way.
> 
> Cheers,
> Larry
> 
> > -----Original Message-----
> > From: Randy Layman [mailto:randy.layman@aswethink.com]
> > Sent: Friday, August 10, 2001 3:33 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Replacing j_sercurity_check
> > 
> > 
> > 
> > 	I'm trying to write my own authentication method that uses three
> > different things to logon (username, password, and a zone or 
> > realm).  The
> > problem that I'm running into is the AccessInterceptor uses 
> > an inner class
> > to bind to the URL for j_security_check and I can't find any 
> > easy way to
> > override it.  That inner class is where the credentials 
> move from the
> > request to the session, and it only moves the j_username and 
> > j_password - I
> > want to move all form variables into session variables 
> (something like
> > securityform.<var name>).
> > 
> > 	I tried registering my own servlet with the same name by calling
> > Context.addServlet (and the servlet's constructor set its 
> > name) but either
> > my registration is ignored or its overridden by the 
> > AccessInterceptor's.
> > 
> > 	I know that I could use some fancy JavaScript on the 
> > client browser
> > to combine two of the fields into one, but I would prefer to 
> > just override
> > the j_security_check processing.
> > 
> > 	I also know that I could replace the AccessInterceptor, 
> > but copying
> > this class just to replace one function call in the 
> > contextInit method seems
> > a little excessive.
> > 
> > 	I'm using the Tomcat 3.2.1 binary and sources.  Moving 
> > to Tomcat 3.3
> > is an option, but I would prefer not to move to that unless 
> > it will solve my
> > problem.  Tomcat 4 is not an option at this point in time.
> > 
> > 	So, there's my challenge.  Is anyone up to helping me solve it?
> > 
> > 	Randy
> > 
> 

Mime
View raw message