Using BASIC and FORM authentication in the same webapp

[Vincent Aumont]

Hi,

My application has two types of clients: HTML and WML (for small 
devices). The controller (Struts) takes care of selecting the 
appropriate JSP (html or wml) for each client.

WML clients must use BASIC authentication (they dont support cookies 
and url rewriting is not an option). For HTML clients, I want to use 
FORM authentication.

Unfortunately, the servlet spec supports only one authentication method 
per web application.
I started by creating two web apps, differing only by the authentication 
mode definition in web.xml. But I really want to have one single 
application.

My solution consists in adding a Valve that sets the right authenticator 
in the pipeline, based on the client type (I determine the clients type 
by examining the request header).

The code looks like this:

public void invoke(Request request,
Response response,
ValveContext context)
throws IOException, ServletException
{
if ((request instanceof HttpServletRequest) &&
((HttpServletRequest) request).getUserPrincipal() == null) {
if (request.getContext() instanceof ContainerBase) {
ContainerBase container = (ContainerBase) request.getContext();
// remove the existing authenticator
Valve[] valves = container.getValves();
for (int i=0;i<valves.length;i++){
if (valves[i] instanceof Authenticator){
container.removeValve(authenticator);
}
}
// add the apropriate authenticator
Authenitcator authentication = new &&
container.addValve((Valve)authenticator);
// Next valve
context.invokeNext(request, response);
}

Can you think of a better/smarter way to achieve the same result?

Thanks,

-Vincent.



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]