Thanks Jim!
For anyone following along, Jim's suggestion to preface all actions to be
authenticated with "/secure/" works great.  Of course, you have to change
all references to those actions in many places, but had I thought of that
idea when I started developing this (my first real) site, it would have
been no extra work.

From: "Jim Barrows" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" <user@struts.apache.org>
cc:
Subject: RE: Two Qs re: authentication servlet filter
Sent: 01/04/2005 01:35 PM
Please respond to "Struts Users Mailing List"

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 04, 2005 11:17 AM
> To: user@struts.apache.org
> Subject: Two Qs re: authentication servlet filter
>
> Can anyone help a newbie out?  I have a couple of questions:
>
> 1)  I am implementing a servlet filter for authentication. In my web app,
> a class reunion web site, I want people to be able to login with their
> first and last names and a password, instead of a single ID and password,
> so I am NOT configuring form-based security and letting Tomcat do the work.
> Instead, I am checking authorization myself in this filter. Is this sound
> reasoning or does anyone have better ideas?

I know of one other person whose name is James Barrows.  No relation to me
at all.  Firstname/lastname is probably not unique enough.

>
> 2)  In web.xml, in the filter-mapping tag, is there a way to say "execute
> this filter to all servlets except /LoginAction.do"?  I tried the following,
> using the regular expression caret, but get an "invalid expression" error.
> I'd hate to list all servlets and JSPs that should get the filter applied.

All actions that need to have a login should be of the form
"/secure/actionName.do", then set your filter to the secure actions.

> More importantly, sounds like an opportunity for errors as new
> actions/servlets are created but maybe not added to the list of
> filter-mappings.  Here's the attempt at mapping that failed:
>
>   <filter>
>       <filter-name>AuthenticationFilter</filter-name>
>       <filter-class>schs82.AuthenticationFilter</filter-class>
>   </filter>
>
>   <filter-mapping>
>       <filter-name>AuthenticationFilter</filter-name>
>       <url-pattern>^/LoginAction.do</url-pattern>
>   </filter-mapping>

I wish that would have worked too :)

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




