João Nuno Silva wrote: > Hi, this is my first question to the list so please be gentle :) > > My question is about a Tomcat feature available when using container > managed authentication. If a user requests a protected resource, Tomcat > first authenticates the user and then processes the initial request > whether it's a GET or a POST. I've been doing an in-house authentication > mechanism which tries to mimic this functionality. > > I'm having a bit of trouble replicating the POST requests after > successful user authentication. I've managed to replicate GET requests > by doing a forward or a sendRedirect to the pre-authentication URL but > with a POST things get harder. Is there any way to achieve this without > using container managed authentication?
Maybe. If I recall correctly, I implemented that using access to the Tomcat internals. You may be able to do this with just the Servlet API but I didn't try. > What if that POST also included > one file upload, would that make it impossible to replicate the request? No. You just read the input, save it and replay it later. Take a look at how Tomcat does this. Classes of interest are: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?view=log http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/SavedRequest.java?view=log Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
