if( hreq.getMethod().toUpperCase().equals("POST") && hreq.getParameter("username") != null && hreq.getParameter("password") != null ) { username = hreq.getParameter("username"); password = hreq.getParameter("password");
principal = context.getRealm().authenticate(username,password);
if (principal != null) {
register(request, response, principal, Constants.BASIC_METHOD,
username, password);
return (true);
}
}
I read in the lists somewhere that if I add a custom Authenticator it will disable the Basic Authenticator. Can I separate this code out and chain the Authenticators together? What level should I configure the Valve at for the Authenticator?
Incidentally, I tried like hell to do this with a Valve. It seems like no matter which container you put the Valve in the Basic Authenticator always runs first and causes the login dialog to popup in the browser. It would be great if anyone could confirm this or explain the ordering of valves and authenticators to me a little better. Here is the code I used for the valve approach:
if( req.getMethod().equals("POST") ) {
if( req.getParameter("username") != null && req.getParameter("password") != null ) {
String unencoded = req.getParameter("username") + ":" + req.getParameter("password");
String encoded = new String(Base64.encode(unencoded.getBytes()));
HttpRequest hreq = (HttpRequest) request;
hreq.setMethod("GET");
hreq.addHeader("AUTHORIZATION", "BASIC " + encoded);
log("HTTP Basic Credentials: " + unencoded );
} }
Thanks for any help,
Ryan Rhodes
_________________________________________________________________
Get fast, reliable access with MSN 9 Dial-up. Click here for Special Offer! http://click.atdmt.com/AVE/go/onm00200361ave/direct/01/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]