-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
On 10/13/2011 2:11 PM, Caldarale, Charles R wrote: >> From: Alejandro Soto [mailto:smalejan...@gmail.com] Subject: Re: >> filters on j_security_check > >> what i need is to know if the authentication was successful or >> not > > What are you going to do with said information? > >> I just need to know that status and has to be before the >> authentication mechanism continues. > > Why? It seems like you might actually need to write a custom > <Realm>, not a filter. Checking for authentication pass/fail can be done in a Realm, but you can't really do anything with the information other than write it to the database. And all you have is username/password (or other credential-only information) to log. This is one of the reasons I switched to SecurityFilter: there is a FlexibleRealmInterface that passes-in the HttpServletRequest that was used to attempt authentication. That allows you to get nice things like the ip address of the request for logging. >> I am trying to invoke j_security_check from inside another >> servlet. > > That sounds really, really wrong. Yes. Yes, it does. If you (Alejandro) want to trigger authentication manually, servlet 3.0 has added the HttpServletRequest.authenticate method to allow you to do this yourself. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6XRM4ACgkQ9CaO5/Lv0PBgoQCcC7SCZRzkx15PLBVLRxW45198 C6EAn2Q6RjtCy2VvbWBYvzIB4tkQZzqG =Y+bH -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org