is there a reason not to use the form-based auth that's built in? Charlie
> -----Original Message----- > From: Johann Uhrmann [mailto:[EMAIL PROTECTED]] > Sent: Monday, October 14, 2002 6:32 AM > To: Tomcat Users List > Subject: Using filters to authenticate users... > > > Hi, > > what do You think about the following idea? > Is it possible at all: > > I am looking for a way to build web applications that can > be used by logging in from a user/password HTML-form. > > To do this, I would like to use the standard API which > would save me reimplementing the JDBC-Realm and Single-SignOn > features which already come with tomcat. > > Is it possible to write a filter, which simply checks > > - the login name > Should be simple (request.getRemoteUser()) > > - in case there is no login name, the filter should read the > parameters "username" and "password"... > > - if there are values for this parameters, get an instance of > org.apache.catalina.Realm and pass on the values to the > authenticate method. > Now, check if request.getRemoteUser() still returns null... > > That should be simple except of getting the proper instance of > org.apache.catalina.Realm. Does someone know how to do that? > > Thank You, > > Hans > > > > > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>