Remon,

On 10/19/2011 7:57 AM, Remon Sadikni wrote:
> I managed to get it working. If you are interested in my solution
> for Tomcat 6: I extended the Valve RequestFilterValve and overwrote
> the method process with this content:
>
> // Check the allow patterns
> for (int i = 0; i < allows.length; i++) {
>     if (allows[i].matcher(property).matches()) {
>         // create a principal for an existing fake user
>         final List<String> roles = new ArrayList<String>();
>         roles.add("ROLE");
>         final Principal principal =
>             new GenericPrincipal(null, "USER", "PASS", roles);
>         // set the principal in this request
>         request.setUserPrincipal(principal);
>     }
> }
> // pass this request to the next valve (basic authentication)
> getNext().invoke(request, response);
> return;

If you overrode the process() method (and I'm sure you changed other things, too, since the variable "allows" is not part of RequestFilterValve), then you really aren't getting anything by extending RequestFilterValve.

Note that there has been some grumbling on the list about the use of Matcher.matches() instead of Matcher.lookingAt(): you might want to consider your requirements before choosing one over the other: most regular expression folks will expect the behavior of lookingAt and not matches().

> If the User has an allowed IP address, the UserPrincipal will be
> set in this request, so that the next valve (the Basic
> Authentication) will not show the login window. If the User has
> another IP address, the request will be forwarded to the next valve
> without any changes, so that you need to log in.

Hey, that's an idea: I didn't think of just shoving the principal into the request. Just be aware that you will do this on every request, because Tomcat isn't storing the Principal anywhere to maintain the "login".

> At first I tried solving it with RequestWrappers and changing
> Headers, but that failed, because the Basic Authentication Method
> tests for the UserPrincipal.

It should be doing both, but the Principal is more efficient because you don't have to use a "real" user that can be authenticated using the webapp's Realm.

-chris
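
The following is an added example, not code from either poster or from Tomcat: it runs the two Matcher methods discussed above over IP allow patterns, since in this valve a pattern hit sets a principal without any credentials being checked. The patterns and addresses are constructed for illustration.

```java
import java.util.regex.Pattern;

public class AllowPatternCheck {

    // Whole-string semantics: the entire remote address must fit the pattern.
    static boolean allowedByMatches(Pattern allow, String remoteAddr) {
        return allow.matcher(remoteAddr).matches();
    }

    // Prefix semantics: only the beginning of the remote address must fit.
    static boolean allowedByLookingAt(Pattern allow, String remoteAddr) {
        return allow.matcher(remoteAddr).lookingAt();
    }

    public static void main(String[] args) {
        // Constructed allow patterns, written the way an admin might configure them.
        String[] patterns = {
            "192\\.168\\.1\\.1",     // intent: exactly one host
            "192\\.168\\.1\\.1$",    // same intent, end anchored explicitly
            "192\\.168\\.1\\.\\d+",  // intent: the whole /24
        };
        // Constructed remote addresses (private range).
        String[] addrs = {
            "192.168.1.1",    // the intended single host
            "192.168.1.10",   // another host sharing the textual prefix
            "192.168.1.199",  // another host sharing the textual prefix
            "192.168.2.1",    // different subnet
        };
        for (String p : patterns) {
            Pattern allow = Pattern.compile(p);
            System.out.println("allow pattern: " + p);
            for (String addr : addrs) {
                System.out.printf("  %-14s matches()=%-5b lookingAt()=%b%n",
                        addr,
                        allowedByMatches(allow, addr),
                        allowedByLookingAt(allow, addr));
            }
        }
    }
}
```

With the first pattern, lookingAt() also admits 192.168.1.10 and 192.168.1.199 because only a prefix has to match; with an explicit `$` or under matches(), only the intended host is admitted.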