Can anyone help a newbie out? I have a couple of questions:
1) I am implementing a servlet filter for authentication. In my web app,
a class reunion web site, I want people to be able to login with their
first and last names and a password, instead of a single ID and password,
so I am NOT configuring form-based security and letting TomCat do the work.
Instead, I am checking authorization myself in this filter. Is this sound
reasoning or does anyone have better ideas?
2) In web.xml, in the filter-mapping tag, is there a way to say "execute
this filter to all servlets except /LoginAction.do" I tried the following,
using the regular expression carat, but get an "invalid expression" error.
I'd hate to list all servlets and JSPs that should get the filter applied.
More importantly, sounds like an opportunity for errors as new
actions/servlets are created but maybe not added to the list of
filter-mappings. Here's the attempt at mapping that failed:
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>schs82.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>^/LoginAction.do</url-pattern>
</filter-mapping>
Thanks very much! You guys on this forum are the greatest. I learn so
much from following various threads...
--
"NOTICE: The information contained in this electronic mail transmission is
intended by Convergys Corporation for the use of the named individual or
entity to which it is directed and may contain information that is
privileged or otherwise confidential. If you have received this electronic
mail transmission in error, please delete it from your system without
copying or forwarding it, and notify the sender of the error by reply email
or by telephone (collect), so that the sender's address records can be
corrected."
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
