Re: Can I use apache authentication for servlet?

Fri, 6 Aug 1999 06:43:00 -0700 

-----------------------------
Please read the FAQ!
<http://java.apache.org/faq/>
-----------------------------

> I can protect the whole zone with <Location /myzone/> but I cannot
> protect a specified servlet with <Location /myzone/MyServlet>
> and also I cannot protect specified files with
> <Location /myzone/MyServlet/path/somefile.html>
> 
> How can it be done ?

Try this.

Put your servlets under the path /myzone/servlets and mount your extra
files at the path /myzone/. Then, you can protect any extra files in
your path (i.e. /myzone/path/somefile.html) with standard Apache
authentication.

And here is what I am using to protect certain servlets. At the start
of the doGet/doPost method for each servlet you wany protected, have
the servlet try to get a value from the current session such as "user".
If the value is not present (the user is not logged in...) store the
current "request URL" in the current session and then redirect the user
to an authentication servlet. That servlet should present the user with
a login form, and then perform authentication (in any way you like). If
the user succeeds in authenticating, store a "user" value into the
session ("login" the user), pull the "request URL" out of the session
object and redirect the user back to that page. Now that the user is
"logged in" (that the "user" value will be present in the session), the
original page should allow the user to access it normally.

A good example/description of this can be found at the following URL:
  http://www.servlets.com/jsp/examples/ch08/index.html#ex08_03

To keep your "extra file" authentication in sync (same usernames and
passwords) you might be able to use one of the apache authentication
modules, and then duplicate what it does to check a user in the
authenticate part of your authentication servlet.

Hope some of this helps...

Paul


--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to