Mark,

On 10/14/16 6:08 AM, Mark Thomas wrote:
> On 14/10/2016 10:51, André Warnier (tomcat) wrote:
>> On 14.10.2016 10:05, Mark Thomas wrote:
>>> On 13/10/2016 16:04, Campbell, Lance wrote:
>>>> Tomcat 8.0.38
>>>> 
>>>> In my Eclipse development environment when particular
>>>> servlet requests are made I want to simulate going through
>>>> Shibboleth prior to Tomcat handling the request.  I wanted to
>>>> see if this will work.
>>>> 
>>>> In Eclipse within each dynamic web application I would add a
>>>> valve to the context.xml file.
>>>> 
>>>> The valve would:
>>>> 
>>>> 1)      Check the URL request.
>>>> 
>>>> 2)      If the URL string matches a list then it will add
>>>> particular name value pairs to the request.
>>>> 
>>>> Example of a possible valve:
>>>> 
>>>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>>> 
>>>> 
>>>> 1)      Can a valve actually identify a particular URL path?
>>> 
>>> Yes. Valves have access to Tomcat's internal request and
>>> response objects.
>>> 
>>>> 2)      Can a valve add an attribute to the request prior to
>>>> the servlet getting the request?
>>> 
>>> Yes.
>> 
>> Apologies for barging in.  Does that mean that, at this point,
>> the request is still "mutable" ? (at the servlet filter level, it
>> isn't, as far as I know).
> 
> Mostly, yes since a Valve has direct access to the internals.
> 
> In a Filter you are limited to what you can do with
> HttpServletRequest. It isn't completely immutable (setAttribute(),
> setCharacterEncoding(), changeSessionId()) but you have a lot less
> scope for changing the request.

In both cases (Filter, Valve), it's possible to wrap the request
object (HttpServletRequest in the case of a Filter, (Tomcat) Request
in the case of a Valve) and basically change anything you want. There
are certainly things you can't do and expect everything to work -- for
example, disconnecting the input streams, etc. but many things are
possible including intercepting calls to the request methods, which is
of course the most interesting thing that you can do in general.

Tomcat does not include wrapper classes for its Request and Response
objects, but there are examples included in a long-standing Bugzilla
issue[1] that anyone is welcome to use.

In general, I would say that anything that *can* be done in a Filter
*should* be done in a Filter (as opposed to a Valve). In the OP's
case, it might not be entirely possible if his operation needs to
affect the way that authentication is done, since that is typically
done (for container-based authentication) in Valves before any Filter
is called.

-chris

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=45014
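The Filter-side request wrapping described in the reply above, as an added example that is not part of the original message or of Tomcat's code base. It targets the javax.servlet 3.1 API shipped with Tomcat 8.0; the package and class name, the path prefixes, the attribute names, the user value and the `shibsim.enabled` system property are all assumptions made for illustration.

```java
package my.filters; // hypothetical package, mirroring the OP's my.valves

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Development-only stand-in for a Shibboleth SP in front of Tomcat. */
public class ShibbolethSimulationFilter implements Filter {
    // Constructed sample values; a real SP supplies these from the IdP's assertion.
    private static final List<String> PROTECTED_PREFIXES = Arrays.asList("/secure/", "/admin/");
    private static final String FAKE_USER = "devuser@example.org";

    private boolean enabled;

    @Override
    public void init(FilterConfig cfg) {
        // Off unless the JVM is started with -Dshibsim.enabled=true (hypothetical property),
        // so a WAR that reaches a real server by mistake does not hand out identities.
        enabled = Boolean.getBoolean("shibsim.enabled");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Path relative to the web application, e.g. /secure/report
        String path = http.getRequestURI().substring(http.getContextPath().length());
        if (enabled && PROTECTED_PREFIXES.stream().anyMatch(path::startsWith)) {
            // setAttribute() is one of the few mutators a Filter gets directly.
            http.setAttribute("eppn", FAKE_USER);
            http.setAttribute("mail", FAKE_USER);
            // Everything else is changed by intercepting the getters in a wrapper.
            http = new HttpServletRequestWrapper(http) {
                @Override public String getRemoteUser() { return FAKE_USER; }
                @Override public String getHeader(String name) {
                    return "eppn".equalsIgnoreCase(name) ? FAKE_USER : super.getHeader(name);
                }
            };
        }
        chain.doFilter(http, res);
    }

    @Override
    public void destroy() { }
}
```

The wrapper only changes what the application's servlets and later filters see; container-managed authentication and security constraints are evaluated in Valves before any Filter runs, so they are unaffected by it.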
