tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Harbulot <Bruno.Harbu...@manchester.ac.uk>
Subject Re: Optional authentication
Date Mon, 06 Aug 2007 14:59:36 GMT


Bill Barker wrote:
> 
> You haven't missed anything.  Tomcat simply doesn't try to authenticate a 
> user if  authentication isn't required.  Simplest and most portable is to 
> create a Filter that is configured as the first filter, and takes an 
> auth-method init param to tell it what to use, and then wraps the request in 
> a HttpServletWrapper that overrided getUserPrincipal before sending it on 
> it's way.
> 
> Other options include extending one or more of Tomcat's Authenticators, and 
> configuring your app to use your Authenticator rather than Tomcat's.

Thanks for your reply. It seems like a reasonable way to do it indeed. 
I'm also looking at using JGuard perhaps <http://jguard.net/>.

Regards,

Bruno.

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message