tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Szabolcs Márton" <marton.szabo...@gmail.com>
Subject Re: Is it possible to introduce new authentication method without modifying tomcat?
Date Thu, 07 Jun 2007 16:01:26 GMT
Hi!

its an options, i use sometime.
Create a filter.

a class likes this.
public class AuthenticationFilter implements Filter {

	private static Logger log = Logger.getLogger(AuthenticationFilter.class);

	public void doFilter(ServletRequest request, ServletResponse
response, FilterChain chain)
			throws IOException, ServletException {

....

add in web.xml this:

	<filter>
		<filter-name>myAuthfilter</filter-name>
		<filter-class>
			poker.web.filters.AuthenticationFilter
		</filter-class>
		<init-param>
			<param-name>LoginURL</param-name>
			<param-value>/login</param-value>
		</init-param>

		<init-param>
			<param-name>DeniedURL</param-name>
			<param-value>/denied.jsp</param-value>
		</init-param>
		
	</filter>

	<filter-mapping>
		<filter-name>myAuthfilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>


you can map a filter to an url-pattern, in this example everything.
in the filter you have the request and response as well.
you could create a response here, so its not get called the servlet,
or anything you called, because the filter dont let.
Or you can say to the filter to countine the processing,  (when authenticated)

read about this on google for details.

i like this because its so simple, and so fast.

regards,
sZabi





2007/6/7, Andrei Tchijov <andrei@tchijov.com>:
> Hi,
>         I want to be able to add my own authentication method (login-config/
> auth-method) as one of possible choices.  Is it possible to do so
> without re-compiling tomcat?  Ideally, I would love to be able to
> achieve my goal by changing server.xml file (and adding some jars
> with my custom code to tomcat).
>
> Before any one suggested that I should write custom Realm: I think it
> will not work for me. My authentication method require access to ALL
> information available from HTTP Request (not just user name/password)
> also in some situations, access to HTTP Response is required as well.
> It looks like this method:
>
>         protected abstract boolean authenticate(Request request,Response
> response,LoginConfig config) throws IOException;
>
> or AuthenticatorBase class is the best place to be.
>
>
> Your comments will be highly appreciated,
>
> Andrei Tchijov
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message