tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Mix http and https on one tomcat server?
Date Thu, 18 Jun 2009 21:33:07 GMT
Bruce Edge wrote:
> André,
> thanks for your help.

Well actually, forget all I said, it turns out that it was mostly 
nonsense.  The problem is, that if you use the container (Tomcat) based 
authentication, then the authentication will happen anyway, before it 
even gets to the servlet filter.

So it is really a <Valve> which you need.
A <Valve> "happens" at an earlier stage, before the webapp (and filters) 
are involved, so that would be early enough.

Or else, you have to go for .. well yes, a servlet filter which does 
authentication (instead of the normal Tomcat auth stuff).
There is something like that called SecurityFilter.
(Here :

Don't let this put you down though.  Doing authentication via a filter 
like SecurityFilter is a lot more flexible than with the embedded 
container method.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message