Container Managed Authentication does this for you declareivley in web.xml.
Explained in http://edocs.bea.com/wls/docs61/webapp/web_xml.html , part of Servlet spec, see part on security or http://www.amazon.com/exec/obidos/tg/detail/-/1930110596/qid=1032983452/sr=1-1/ref=sr_1_1/103-2679655-4178264?v=glance hth, V. Mark Silva wrote: > hello all, > > I am attempting to write an Authentication Filter (Servlet Filter) for my Stuts App. > It is pretty simple so far. it just checks to see if a User has Authenticated yet >(from the session), and if not calls sendRedirect on the response. code and xml >below.... > > public void doFilter... > ... > HttpSession session = request.getSession(); > > if(!SecurityManager.isUserAuthenticated(session)) > response.sendRedirect("login.do"); > else > chain.doFilter(request, response); > > > <filter> > <filter-name>authenticationFilter</filter-name> > <filter-class>AuthenticationFilter</filter-class> > </filter> > > > <filter-mapping> > <filter-name>authenticationFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > my question, is how i can give the filter a list of pages that are unathenticated. >and to entend that idea, a list of pages that can only be authenticated by an admin. >i have seen that the FilterConfig can be used to get init parameters, but these only >seem to be single values. not a list of potential URLs.... does any one have a >solution to this problem? > > thanks, > mark -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
