-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gordon,
Hyatt, Gordon wrote: | I had everything working correctly using container-based security (using | digested passwords), including denying DELETE and PUT requests. But, | due to the "enhanced" password encryption requirements of this site (a | requirements change near the time of delivery - a simple one-way digest | was deemed insufficient), I cannot use container-based authentication. :( | So I decided on the fallback to write a simple filter to handle the | authentication and redirection with Struts-based forms (simply because | the rest of the site uses Struts) and handle the actual authentication | (including password encryption) in a Struts Action. In order for the | filter to receive the request, I had to remove some of the | container-based security (the PUT and DELETE security-constraint still | exists). You should check out securityfilter (http://securityfilter.sourceforge.net/) which does exactly what you want. Yes, you will have to write your own "realm" type thing, but at least you are not tying yourself to Tomcat (which isn't so bad, really). | The only other way I could think of handling the password encryption | scheme was to write a custom Realm, which at the time, seemed | over-the-top to me. Looking back, perhaps a custom Realm would have | been the way to go. Yeah, it wouldn't have been too bad. If you want to use something a little more flexible than Tomcat's built-in security, you could look at securityfilter. It gives you a little more freedom with the requirements (for instance, you can do drive-by logins) and doesn't tie you to a specific container. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkf1DUoACgkQ9CaO5/Lv0PAB/wCeJMGFc4p27acQGipcSdOIXqGA Ud0AoLV1bFcwNfz0d1pjVnF8MvRrIaJ9 =ye77 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
