tomcat-users mailing list archives

From "Craig R. McClanahan" <>
Subject Re: Authentication Filter
Date Thu, 15 Nov 2001 18:53:49 GMT

On Wed, 14 Nov 2001, Pritpal Dhaliwal wrote:

> Date: Wed, 14 Nov 2001 22:13:06 -0800
> From: Pritpal Dhaliwal <>
> Reply-To: Tomcat Users List <>
> To: Tomcat Users List <>
> Subject: Authentication Filter
> Is there an authentication filter that could be used with Servlet Spec 2.3?

You could certainly use a filter to write your own authentication support.

> Does tomcat 4 come with one that could be used?

Tomcat 4 supports standard container-managed security, but it is not done
with Filters.  You could write your own, however, along the following

* Map your filter to URL pattern "/*" so that it sees all the
  requests to this application.

* Check if the user has already logged on, by looking
  for an object in the user's session.

* If the user is logged on already, go ahead and pass
  the request on to whatever they asked for.  (You will also
  want to let them see the login page itself, so that they
  actually can log in.)

* If the user is not logged in, do a RequestDispatcher.forward()
  to the login page and then return without passing the request on.

* In your login processing, create the appropriate object
  in the user's session so that the next request
  will find it there.

There's lots of variations on this theme, depending on precisely how you
want to authenticate people.

> Thanks in Advance,
> Pritpal Dhaliwal
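
The steps listed in the reply, written out as a Servlet 2.3 filter. This is an added example, not code from the original message or from Tomcat; the class name, the session attribute name and the two login paths are assumptions, and the filter is assumed to be mapped to "/*" in web.xml.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: session-based authentication filter (Servlet 2.3 API). */
public class AuthFilter implements Filter {
    // Assumed names, not taken from the original message.
    static final String USER_KEY = "authUser";      // session attribute set at login
    static final String LOGIN_PAGE = "/login.jsp";  // form shown to anonymous users
    static final String LOGIN_ACTION = "/login";    // servlet that checks credentials

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Exact match on the container-normalized servlet path. Prefix or
        // substring tests here are a common cause of filter bypasses.
        String path = request.getServletPath();
        boolean open = LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path);

        // getSession(false): never create a session just to test for a login.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_KEY) != null;

        if (loggedIn || open) {
            chain.doFilter(req, res);   // pass the request on unchanged
            return;
        }
        // Not logged in: forward to the login page and return without
        // invoking the rest of the chain.
        request.getRequestDispatcher(LOGIN_PAGE).forward(req, res);
    }

    /** Call from the login servlet after the credentials have been verified. */
    static void markLoggedIn(HttpServletRequest request, String username) {
        // Discard any pre-login session so a session ID issued before
        // authentication is not carried over into the logged-in state.
        HttpSession old = request.getSession(false);
        if (old != null) old.invalidate();
        request.getSession(true).setAttribute(USER_KEY, username);
    }
}
```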

