> From: Bruce Edge [mailto:bruce.e...@gmail.com] > Subject: Custom valve, how to change role? > > ...or am I completely off in left field and should scrap > this before someone gets hurt and just use securityfilter?
If you really insist on differentiating internal and external requests, then quite likely you should just use securityfilter - it should be a *lot* easier. Writing a custom valve ties you into Tomcat, and possibly a particular version of Tomcat, since valves are not part of the servlet spec (filters are). If you really want to write a valve, look at the source for something that is related to what you want, such as: org/apache/catalina/authenticator/SingleSignOn.java and related files. Personally, I'd just have the internal requests authenticate like everyone else. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
