how does it cater for it? Are you saying you can use web.xml to map filters to the j_security_check URL?
Adam
On 04/16/2004 11:41 AM Martin Alley wrote:
FYI this is catered for in tomcat 5 with the filter-mapping/dispatcher element (see servlet 2.4 spec).
Thanks to Bill Barker for the info.
Martin
-----Original Message-----
From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 13 April 2004 16:35
To: 'Tomcat Users List'
Subject: RE: tomcat 4 vs 5 form based container auth & filters
Anyone?
-----Original Message-----
From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 16:42
To: 'Tomcat Users List'
Subject: RE: tomcat 4 vs 5 form based container auth & filters
Thanks Adam
It seems to me that the separation idea is not clear cut. There is certainly a down side. I wonder whether this will stick.
Martin
-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 13:48
To: Tomcat Users List
Subject: Re: tomcat 4 vs 5 form based container auth & filters
I can see Yoav is blitzing the mailing list right now. Perhaps you'll get a more authoritative answer from him or the other hardcore tomcat people.
One of the problems of excluding filters from the authentication request
is to do with character-encoding in the request - I remember someone whose realm included users with user-names containing accented characters that had to be converted to the correct character-encoding for the realm database. He had used a filter to do it but obviously had to find another way.
Adam
On 04/12/2004 02:34 PM Martin Alley wrote:
Except with form based auth, you want the look at feel to be part of
the
application?
What reasons did you hear? :-)
Whilst not knowing the full reasons, it would be nice if there was
some
config switch to control this, other wise it increases application maintainence overhead if you want to change the look and feel.
I'll see if I can find anything in the tc5 release notes on this.
Thanks again Martin
-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 13:13
To: Tomcat Users List
Subject: Re: tomcat 4 vs 5 form based container auth & filters
AFAIK it has something to do with providing a clean seperation between
the authentication (tomcat) and the application (your filter).
I think there were probably several reasons though for it, which outweighed the reasons against, and I have heard a few of them.
Adam
On 04/12/2004 01:50 PM Martin Alley wrote:
Hi Adam,
Why do you think this behaviour changed from tomcat4 ?
I haven't gone into the full architecture of sitemesh, as yet, but I know it includes a filter.
Martin
-----Original Message-----
From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 11:26
To: Tomcat Users List
Subject: Re: tomcat 4 vs 5 form based container auth & filters
Yes your observations are correct. It's my understanding that filters are not invoked until after authentication. i.e. after the form-based login.
I have no experience of site-mesh, but it seems a bit weird anyway to put decorations on a page via a filter - surely you should be encapsulating that sort of stuff in a JSP or taglib?
Adam
On 04/12/2004 11:02 AM Martin Alley wrote:
Can anyone comment on this?
Thanks Martin
-----Original Message-----
From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 09 April 2004 09:53
To: Tomcat Users List
Subject: tomcat 4 vs 5 form based container auth & filters
Hi,
Initial observation indicates that filters get executed when a form
for
form based container auth is served - under tomcat 4, but not under
tomcat 5.
I'm using sitemesh. The decorations go on the form based login page
under tomcat 4, but not under tomcat 5.
I need to do more research, but can any one add to this?
Thanks Martin
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
