tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Customizing login system in Tomcat ?
Date Mon, 14 Apr 2003 14:11:45 GMT

You'll need some sort of a token, e.g. a cookie on the user's PC or an
object in the user's session, to identify the fact the user has been
authenticated.  Since you don't want to modify the HTML pages
themselves, you can use a Filter-based approach:
- Write a Filter that processes all requested (i.e. its url-pattern is
- The filter checks the request (if using a cookie) or the session for
the presence of the authenticated token
- If token is present, do nothing (call doChain() to pass the request
- If token is absent, forward to your existing authentication servlet
giving the original request URL as an argument, so that the
authentication servlet can forward the user there when it's done

Yoav Shapira
Millennium ChemInformatics

>-----Original Message-----
>From: Elodie Tasia []
>Sent: Monday, April 14, 2003 10:02 AM
>Subject: Customizing login system in Tomcat ?
>As I've been explained, I can use a Form based authentication in
Tomcat, so
>that the users can log in.
>The problem is that I already have my login-system : it's a servlet
>ccess a database to verify the login/password and, if it's OK, that
>redirect to another servlet.
>I would like to use the tomcat's authentication system IN my servlet,
>the user is identified and has not to login each time he accesses a
>page (but ONLY when he has logged in and not if he tries to access
>pages from any browser)...
>Is that possible without changing my html pages (because I can't do
that :
>my application is a portal where users can import any type of document
>visualite it), just modifying the access to the application ?
>Thanx in advance and excuse me if I insist, but I searched during a
>time and didn't find any answer to my question on the web :o(
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message