If I implement application-managed security ( I need to use cookies for "Remember Me" ), is there a way to make it such that HttpServletRequest.getRemoteUser() and HttpServletRequest.isUserInRole(java.lang.String role) will respond with values from the actual logged in user ?
I see an old thread from 2001 ( http://mail-archives.apache.org/mod_mbox/struts-dev/200108.mbox/[EMAIL PROTECTED] ) In servlet 2.3, you can legally wrap a request (or response, for that matter, but it's request that matters for this purpose) before handing it on via RequestDispatcher. Indeed, you can set up a Filter that gets control before the servlet does and plays the same game. Therefore, you can modify what isUserInRole() or getUserPrincipal() will return to the called servlet. Now that it is 2007, is the Filter + RequestDispatcher still the way to implement this or is there a better way ? Is there an example of this somewhere out there ? Other options I am thinking of: - write my own Realm implementation ?? - stick with container-based security and find a way to make cookies for "Remember Me" work. -Thanks Steve More --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
