In the past I have worked with applications that implemented
authentication at the web server (IIS) with an ISAPI filter. The filter
would look at every request and if was requesting a secured resource
then it would look for a validation token (guid on url, for instance).
If it is ok, then requested would be passed on through, if not the
requested would be redirected to a login page.
The nice thing about this approach was that the authentication was
completely separate from the page. A specific page need not have any
authentication code in it or called by it. No convention or enforced
upon the page developer.
I have tried doing this by mapping a servlet to "/" but it recurses as
the request is forwarded.
I have also seen this described as looking to provide a site wide
servlet. I haven't seen any answers though.
So can a servlet be implemented to work in the same fashion as an ISAPI
filter? Seems like a natural to me.
thanks in advance for anyone with an opinion. jeff
------------------------------------------------------------------------------
Archives: http://www.egroups.com/group/jrun-interest/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/jrun_talk
or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the
body.
