tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Anonymous access with Tomcat Authentication configured.
Date Tue, 09 Oct 2007 14:00:52 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Semen,

Semen Vadishev wrote:
> But behavior I need is: 1. If Tomcat gets request with no user
> information data (username/password) it should pass it to servlet and
> then servlet after handling request's URI according to pba config
> file may send SC_UNAUTHORIZED (if it needs authenticated user) or
> SC_FORBIDDEN (if any access denied). 2. If Tomcat gets request with
> username and password it should check them according to
> conf/tomcat-users.xml and if user authenticated pass it to servlet.

You cannot do this with Tomcat's authentication mechanism. You will have
to provide an alternative implementation. I recommend looking st
securityfilter (http://securityfilter.sourceforge.net).

It's implemented as a filter, so it works with any servlet container. It
can work with Tomcat's built-in realms or you can write your own. It
supports unsolicited logins (i.e. you can use your own login page that
submits to j_security_check without having to first request a protected
resource). It has configuration similar to that in web.xml, so you don't
have to learn a new configuration format.

You are free to use securityfilter's authentication mechanisms and
completely skip authorization, which is what it looks like you want to
do (by implementing it yourself).

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHC4mU9CaO5/Lv0PARAm/tAJ4/SAUdOsMlZSugPtOsJaXpFGbRQACfRGov
R26GvoQR29oZmVyMcH0EPmc=
=N9aS
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message