tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Harbulot <>
Subject Re: Optional authentication
Date Mon, 06 Aug 2007 14:59:36 GMT

Bill Barker wrote:
> You haven't missed anything.  Tomcat simply doesn't try to authenticate a 
> user if  authentication isn't required.  Simplest and most portable is to 
> create a Filter that is configured as the first filter, and takes an 
> auth-method init param to tell it what to use, and then wraps the request in 
> a HttpServletWrapper that overrided getUserPrincipal before sending it on 
> it's way.
> Other options include extending one or more of Tomcat's Authenticators, and 
> configuring your app to use your Authenticator rather than Tomcat's.

Thanks for your reply. It seems like a reasonable way to do it indeed. 
I'm also looking at using JGuard perhaps <>.



To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message