tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Question regarding FormAutenticator
Date Mon, 08 Sep 2008 22:28:34 GMT
Hash: SHA1


Gregor Schneider wrote:
> The only options I'm having seem to be
> - subclass FormAuthenticator and patch Tomcat

Agreed: yuk.

> - use a JAAS-implementation, but I got no Idea if this will work,
> besides, you'll have to deal with the JAAS-implementation (i.e.
> JGuard, JOSS etc.) which again means to spend quite some time to
> understand and customize them.
> In Websphere f.e. you can use a filter, filtering "j_securitx_check"
> and then manipulate request / response, however, that does not work
> within Tomcat.
> A valve would work, but I doupt that I can modify request / response
> in such a valve.

You probably can do this, but this is not particularly ideal.

You could also use securityfilter
(, which is a bit more hackable
than Tomcat itself. sf has a feature which allows you to override the
URL that gets saved when a user is challenged for a login. Instead of
going to the original URL, they are sent to the other URL after login,
which sounds like it's exactly what you want. You'll need to get a copy
from CVS, because this feature is not yet in any release version --
though the code is quite stable.

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message