tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Böhringer Jochen <>
Subject Executing Valve before Basic Authentication takes place
Date Mon, 03 Jul 2006 16:34:12 GMT

I try to get the following to work (Apache Tomcat/5.5.9 as ServletContainer within JBoss 4.x):

I have a servlet inside a web application which is protected by Basic Authentication. The
problem is that I have some clients which cannot do the challenge response basic authentication
needs. They are identified via the hardware serial number of their device which is submitted
in the request.

So I want to do a lookup in an own database table containing a mapping from the hardware serial
number to the user's username and password and then add the basic authentication authorization
header before tomcat/JBoss does the authorization.

I developed a simple valve to test:

public class PenFrameworkAuthenticationValve extends ValveBase {

    public void invoke(Request request, Response response) throws 	IOException, ServletException
        Log log = container.getLogger(); + " called.");

        request.addHeader("Authorization", "Basic am9jaGVuYjpqb2NoZW5i");

        this.getNext().invoke(request, response); + " finished.");

But the problem is, that this valve is called after the basic authentication took place (exactly
as it happens if I try to use a servlet filter).

Is there another possibility to achieve what I want using JBoss or Tomcat functionality?

Kind regards

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message