Just for those who think filters are a new idea, I just wanted to point out that filters have been in the Microsoft world (ISAPI) for years. (Don't worry, I'm not a Microsoft advocate, just pointing out the facts :-).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Kito D. Mann
[EMAIL PROTECTED]
Chief Architect
The Grow Network
(212)889-5678 x105
At 02:56 PM 8/30/01 -0700, you wrote:
Filter is new in the Servlet 2.3 spec. It is an implementation of the Intercepting Filter design Pattern. You can read more about this pattern in the book Core J2EE design patterns. Basically Filters allow you to add services like user authentication easily because filters intercept the request object heading to certain resources that you specify. This is nice because you don't need to make your view components aware of User Authentication, a Filter can handle that.
Glenn
- -----Original Message-----
- From: Andy Noble [mailto:[EMAIL PROTECTED]]
- Sent: Thursday, August 30, 2001 1:50 PM
- To: [EMAIL PROTECTED]
- Subject: Security with Servlet 2.3 API
- I've just read an article that suggests that authentication can be done by a filter in the servlet 2.3 API, which I believe Tomcat 4 will support.
- Having seen other threads, there appears to be a number of methods available, such as:
- 1. subclass ActionServlet
- 2. JSP custom tags
- 3. Check in each Action class
- Has anyone any experience or thoughts on this?
- At the moment, I guess I'm in favour of the ActionServlet subclass just to keep it all in one place, but the filter method also sounds a possibility.
- Andy Noble
