On Wed, 14 Nov 2001, Pritpal Dhaliwal wrote:
> Date: Wed, 14 Nov 2001 22:13:06 -0800
> From: Pritpal Dhaliwal <pspirte@ucdavis.edu>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Subject: Authentication Filter
>
> Is there an authentication filter that could be used with Servlet Spec 2.3.
You could certainly use a filter to write your own authentication support.
> Does tomcat 4 come with one that could be used?
Tomcat 4 supports standard container-managed security, but it is not done
with Filters. You could write your own, however, along the following
lines:
* Map your filter to URL pattern "/*" so that it sees all the
requests to this application.
* Check if the user has already logged on, by looking
for an object in the user's session.
* If the user is logged on already, go ahead and pass
the request on to whatever they asked for. (You will also
want to let them see the login page itself, so that they
actually can log in.)
* If the user is not logged in, do a RequestDispatcher.forward()
to the login page and then return without passing the request on.
* In your login processing, create the appropriate object
in the user's session so that the next request
will find it there.
There's lots of variations on this theme, depending on precisely how you
want to authenticate people.
>
> Thanks in Advance,
>
> Pritpal Dhaliwal
>
Craig
--
To unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
|