----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Once Apache has handed a request to Jserv, is there any way for Jserv to
ask Apache to serve a page (rather than having Jserv stream output back
to Apache)?
Specifically, I'd like to be able to set up the following:
I want to protect access to all the pages off of a certain directory
(restricted/, say). I would like to implement this as follows:
- For any requests which come in off of that directory, invoke an
Authorizer servlet (I can do this using mod_rewrite, I believe).
- The Authorizer servlet will check to see if the user's server-side
session contains an "authorized" token.
If not, Authorizer issues a redirect to a login screen. If the user
successfully authenticates (and is authorized) after posting to that
screen, the authorized token is set in their server-side session
If the user has already been authorized, I would like to have
Authorizer "tell" Apache to serve a static page. This is the part which
I think may be impossible.
The main reason I'd like to do this is performance -- I want to be able
to use this authentication scheme to protect a largely static site. If
I can get Apache to handle the static requests after an authorization
check, it will be a *big* performance win over serving it all through
Java. Beyond that, I very much like that this scheme does not involve
repeated sending of password information -- once the token is set on the
server, the session id is all that gets sent back and forth.
I know that there are various ways to handle this sort of thing via
mod_perl, but, since the bulk of the dynamic stuff will be written in
Java, I'd really like to find a way to implement the security system in
Java as well.
In general, I'd like to be able to write servlets which will act as
filters on Apache's behavior.
Any ideas?
Thanks,
-Dan Milstein
--
Dan Milstein // [EMAIL PROTECTED]
Member of Technical Staff // Capital Knowledge Partners
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
