Hash: SHA256


On 10/14/16 6:08 AM, Mark Thomas wrote:
> On 14/10/2016 10:51, André Warnier (tomcat) wrote:
>> On 14.10.2016 10:05, Mark Thomas wrote:
>>> On 13/10/2016 16:04, Campbell, Lance wrote:
>>>> Tomcat 8.0.38
>>>> In my Eclipse development environment when particular
>>>> servlet requests are made I want to simulate going through
>>>> Shibboleth prior to Tomcat handling the request.  I wanted to
>>>> see if this will work.
>>>> In Eclipse within each dynamic web application I would add a
>>>> valve to the context.xml file.
>>>> The valve would:
>>>> 1)      Check the URL request.
>>>> 2)      If the URL string matches a list then it will add
>>>> particular name value pairs to the request.
>>>> Example of a possible valve:
>>>> <Valve className="my.valves.ShibbolethSimulationValve" />
>>>> 1)      Can a valve actually identify a particular URL path?
>>> Yes. Valves have access to Tomcat's internal request and
>>> response objects.
>>>> 2)      Can a valve add an attribute to the request prior to
>>>> the servlet getting the request?
>>> Yes.
>> Apologies for barging in.  Does that mean that, at this point,
>> the request is still "mutable" ? (at the servlet filter level, it
>> isn't, as far as I know).
> Mostly, yes since a Valve has direct access to the internals.
> In a Filter you are limited to what you can do with
> HttpServletRequest. It isn't completely immutable (setAttribute(),
> setCharacterEncoding(), changeSessionId()) but you have a lot less
> scope for changing the request.

In both cases (Filter, Valve), it's possible to wrap the request
object (HttpServletRequest in the case of a Filter, (Tomcat) Request
in the case of a Valve) and basically change anything you want. There
are certainly things you can't do and expect everything to work -- for
example, disconnecting the input streams, etc. but many things are
possible including intercepting calls to the request methods, which is
of course the most interesting thing that you can do in general.

Tomcat does not include wrapper classes for its Request and Response
objects, but there are examples includes in a long-standing Bugzilla
issue[1] that anyone is welcome to use.

In general, I would say that anything that *can* be done in a Filter
*should* be done in a Filter (as opposed to a Valve). In the OP's
case, it might not be entirely possible if his operation needs to
affect the way that authentication is done, since that is typically
done (for container-based authentication) in Valves before any Filter
is called.

- -chris

[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=45014
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to