Hi Chris,
If you overrode the process() method (and I'm sure you changed other things, too, since the variable "allows" is not part of RequestFilterValve), then you really aren't getting anything by extending RequestFilterValve.
but "allows" is part of RequestFilterValve. I only extended this class. I took the same invoke() method as RequestAddrValve, so that I get the IP-address of the user:
public void invoke(Request request, Response response) throws IOException, ServletException { process(request.getRequest().getRemoteAddr(), request, response); } and overwrote the process method to react on this IP address.
Note that there has been some grumbling on the list about the use of Matcher.matches() instead of Matcher.lookingAt(): you might want to consider your requirements before choosing one over the other: most regular expression folks will expect the behavior of lookingAt and not matches().
I will look at it.
Hey, that's an idea: I didn't think of just shoving the principal into the request. Just be aware that you will do this on every request, because Tomcat isn't storing the Principal anywhere to maintain the "login".
That's ok for me. Regards, Remon --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org