Re: Is it possible to introduce new authentication method without modifying tomcat?

Thu, 07 Jun 2007 09:01:50 -0700 

Hi!

its an options, i use sometime.
Create a filter.

a class likes this.
public class AuthenticationFilter implements Filter {

        private static Logger log = 
Logger.getLogger(AuthenticationFilter.class);

        public void doFilter(ServletRequest request, ServletResponse
response, FilterChain chain)
                        throws IOException, ServletException {

....

add in web.xml this:

        <filter>
                <filter-name>myAuthfilter</filter-name>
                <filter-class>
                        poker.web.filters.AuthenticationFilter
                </filter-class>
                <init-param>
                        <param-name>LoginURL</param-name>
                        <param-value>/login</param-value>
                </init-param>

                <init-param>
                        <param-name>DeniedURL</param-name>
                        <param-value>/denied.jsp</param-value>
                </init-param>
                
        </filter>

        <filter-mapping>
                <filter-name>myAuthfilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>


you can map a filter to an url-pattern, in this example everything.
in the filter you have the request and response as well.
you could create a response here, so its not get called the servlet,
or anything you called, because the filter dont let.
Or you can say to the filter to countine the processing,  (when authenticated)

read about this on google for details.

i like this because its so simple, and so fast.

regards,
sZabi





2007/6/7, Andrei Tchijov <[EMAIL PROTECTED]>:

Hi,
        I want to be able to add my own authentication method (login-config/
auth-method) as one of possible choices.  Is it possible to do so
without re-compiling tomcat?  Ideally, I would love to be able to
achieve my goal by changing server.xml file (and adding some jars
with my custom code to tomcat).

Before any one suggested that I should write custom Realm: I think it
will not work for me. My authentication method require access to ALL
information available from HTTP Request (not just user name/password)
also in some situations, access to HTTP Response is required as well.
It looks like this method:

        protected abstract boolean authenticate(Request request,Response
response,LoginConfig config) throws IOException;

or AuthenticatorBase class is the best place to be.


Your comments will be highly appreciated,

Andrei Tchijov



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to