A Valve is similar to a Filter, except that it is specific to Tomcat. The reason to use a Valve here (instead of a Filter) is that Authentication happens before any of the Filters get a chance to be called. However Valves get called before Authentication, so you still have a chance to change things. So leaving out the hard parts, you would have something like:
public class MySingleSignonValve implements Valve { public MySingleSignonValve() { } public String getInfo() { return "MySingleSignonValve/1.0"; } public void invoke(Request request, Response response, ValveContext context) throws IOException, ServletException { String userName = getUserName(request); // Your implementation if( userName != null ) { String userPass = getUserPass(request, userName); // Your implementation String creds = userName + ":" + userPass; String b64Creds = new String(Base64.encode(creds.getBytes())); request.setAuthorization(b64Creds); // Probably redundant, but can't hurt request.addHeader("Authorization","Basic " + b64Creds); } context.invokeNext(request, response); } // Your methods here } The tricky part is to figure out if the user has logged on before (which is left as an exercise for the reader :). Tomcat's SingleSignOnValve is a good place to look for ideas. Also, for a real-world Valve, you would probably want to extend ValveBase instead of implementing Valve (although the latter will work). The gain is LifeCycle support. "Dinh, Chinh" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks, Bill . > In BasicAuthenticator.java , the authenticate() method gets the username and password by calling : > > String authorization = request.getAuthorization(); > > which gets the value from the "authorization" request header, which is the value to be base 64 encoded of username and password. My goal is to set this request with the correct "authorization" header so that I can bypass the "Login dialog" if the username and password are already got before the request (before the user enters http://......../webdav to run the webdav servlet). I have no clue how to do this ... What's the purpose of a VALVE class ? Thanks. > > > Bill Barker <[EMAIL PROTECTED]> wrote: > The simplest solution is to enable the SingleSignOnValve. This allows any > login to any Context to be passes to any other Context. If this doesn't > meet your needs, then you can: > 1) Write a custom Valve to pickup the User. > 2) Write a custom Authenticator that knows how to pickup the User. > > "Dinh, Chinh" wrote in message > news:[EMAIL PROTECTED] > > > > I have a question about WEBDAV and How authenticate works. > > > > If i have this in web.xml > > > > > > BASIC > > MyCustomRealm > > > > > > It will get an Popup Log in dialog, and it will invoke my realm's > > authenticate() method, with username and password being entered by > > the user. > > > > However, I do not want the log in dialog to pop up in all cases. > > There's a case that the user is already authenticated BEFORE he tries > > to run the webdav servlet, and in this case, he wants to bypass the > > log in dialog. > > > > Do you know How to pass in the Authenticator class some information > > so that it doesn't need to invoke the login dialog if the user is already > > authenticated ? What information would the authenticator need ? > > > > Thanks. > > - Chinh > > > > > > > > --------------------------------- > > Do you Yahoo!? > > SBC Yahoo! DSL - Now only $29.95 per month! > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > --------------------------------- > Do you Yahoo!? > SBC Yahoo! DSL - Now only $29.95 per month! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]