Dear all,

I've got a piece of code here which I think might be useful not only
for me but others.

Since I believe in sharing knowledge, I'd like to pass it to the ASF
so that it might become a part of Tomcat.

Problems which are solved by this Valve:
----------------------------------------------------------

As you may know, j_security_check works as follows:

- If a request to some protected content comes in, Tomcat stores this
request internally

- a html/jsp/servlet is called asking for the login-credentials

- the credentials are then passed to j_security_check which then
checks Authentication / Authorization (AA)

- if AA is ok, the old url, which was stored before, then is requested.

However, there are some scenarios where this flow does not work and we
would want to always redirect to a *pre-defined starting-page*.

There are some options like

- http://securityfilter.sourceforge.net

- implement your own JAA

- JSSO

- etc.

However, those solutions sometimes are missing something (like i.e.
SingleSignOn), or you have to dive into how to implement JAA, a new
framework etc.

Well, to circumvent all this and make life easier for some of us, I've
developed a Valve, which handles those problems:

After having declared said Valve in ${catalina.home}/conf/server.xml,
the only things that have to be done are:

- the protected area needs to be specified in server.xml

- the default starting-page needs to be specified in server.xml

- the default starting-page *must* be in the protected area

Now if a request to the protected content comes in without
authorization, the following things happen:

- the request will be redirected to the pre-defined starting-page

- since the pre-defined starting-page is within the protected area,
the login-html/jsp/servlet will be called to ask for the credentials

- j_security_check will check the credentials given and redirect to
the pre-defined starting-page (i.e. /protected/index.html)

Since I believe that this Valve might be useful to some of us, I would
like to share the code / docs with the ASF so that it might become
part of Tomcat.

Could somebody please let me know the steps required?

I've read http://tomcat.apache.org/getinvolved.html already, and I've
also read http://www.apache.org/foundation/how-it-works.html, however,
I'm not really sure of what to do next.

Shall I just put the code into the dev-mailinglist?

I'm aware that ASF might also decline this Valve becoming part of
Tomcat, however, I believe in sharing knowledge, therefore I'm trying
it anyway ;)

Looking forward to your suggestions!

Gregor
-- 
just because you're paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
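
The redirect flow described in the message above, sketched as an added example (this is not the Valve offered in the post, and not Tomcat's own code). The class name, the `protectedPrefix` and `startPage` attributes and their defaults are assumptions; the Valve is assumed to be declared inside the `<Context>` so that it runs ahead of the FORM authenticator.

```java
import java.io.IOException;
import jakarta.servlet.ServletException;   // javax.servlet on Tomcat 9 and earlier
import org.apache.catalina.Session;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Hypothetical valve written for this example; not the code offered in the post.
public class StartPageRedirectValve extends ValveBase {

    // Both values are context-relative and set from <Valve .../> attributes.
    private String protectedPrefix = "/protected/";      // assumed default
    private String startPage = "/protected/index.html";  // must lie under protectedPrefix

    public void setProtectedPrefix(String protectedPrefix) { this.protectedPrefix = protectedPrefix; }
    public void setStartPage(String startPage) { this.startPage = startPage; }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Match on the decoded URI so percent-encoding cannot hide a
        // protected path from the prefix check.
        String uri = request.getDecodedRequestURI();
        String contextPath = request.getContext().getPath();
        String path = uri.startsWith(contextPath) ? uri.substring(contextPath.length()) : uri;

        boolean inProtectedArea = path.startsWith(protectedPrefix);
        boolean isStartPage = path.equals(startPage);
        // The login form posts here; redirecting it would drop the credentials.
        boolean isLoginSubmit = path.endsWith("/j_security_check");

        if (inProtectedArea && !isStartPage && !isLoginSubmit && !isAuthenticated(request)) {
            // The authenticator now only ever saves the start page, so that is
            // where j_security_check sends the user after a successful login.
            response.sendRedirect(contextPath + startPage);
            return;
        }
        getNext().invoke(request, response);
    }

    // Ahead of the authenticator the request may not carry a principal yet, so
    // also check the session cache (assumes the authenticator's default cache="true").
    private boolean isAuthenticated(Request request) {
        if (request.getUserPrincipal() != null) {
            return true;
        }
        Session session = request.getSessionInternal(false);
        return session != null && session.getPrincipal() != null;
    }
}
```

Requests that do not match the prefix check fall through to the next valve unchanged, so the container's own security constraints still decide access; the valve only changes which URL the authenticator saves.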
