tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Elodie Tasia <>
Subject Re: Customizing login system in Tomcat ?
Date Mon, 14 Apr 2003 14:20:23 GMT

But I thought that filters must be used within a servlet... When you talk about "request",
you mean "servlet request" or any type of request (just a GET to an html page, for example)

> Howdy,
> You'll need some sort of a token, e.g. a cookie on the user's PC or an
> object in the user's session, to identify the fact the user has been
> authenticated.  Since you don't want to modify the HTML pages
> themselves, you can use a Filter-based approach:
> - Write a Filter that processes all requested (i.e. its url-pattern is
> /*)
> - The filter checks the request (if using a cookie) or the session for
> the presence of the authenticated token
> - If token is present, do nothing (call doChain() to pass the request
> forward)
> - If token is absent, forward to your existing authentication servlet
> giving the original request URL as an argument, so that the
> authentication servlet can forward the user there when it's done
> authenticating
> Yoav Shapira
> Millennium ChemInformatics
> >-----Original Message-----
> >From: Elodie Tasia []
> >Sent: Monday, April 14, 2003 10:02 AM
> >To:
> >Subject: Customizing login system in Tomcat ?
> >
> >Hi,
> >
> >As I've been explained, I can use a Form based authentication in
> Tomcat, so
> >that the users can log in.
> >The problem is that I already have my login-system : it's a servlet
> that
> >ccess a database to verify the login/password and, if it's OK, that
> >redirect to another servlet.
> >I would like to use the tomcat's authentication system IN my servlet,
> so
> >the user is identified and has not to login each time he accesses a
> >page (but ONLY when he has logged in and not if he tries to access
> thoses
> >pages from any browser)...
> >
> >Is that possible without changing my html pages (because I can't do
> that :
> >my application is a portal where users can import any type of document
> and
> >visualite it), just modifying the access to the application ?
> >
> >
> >Thanx in advance and excuse me if I insist, but I searched during a
> long
> >time and didn't find any answer to my question on the web :o(
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail:
> >For additional commands, e-mail:
> This e-mail, including any attachments, is a confidential business communication, and
may contain information that is confidential, proprietary and/or privileged.  This e-mail
is intended only for the individual(s) to whom it is addressed, and may not be saved, copied,
printed, disclosed or used by anyone else.  If you are not the(an) intended recipient, please
immediately delete this e-mail from your computer system and notify the sender.  Thank you.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message