> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, January 04, 2005 11:17 AM > To: user@struts.apache.org > Subject: Two Qs re: authentication servlet filter > > > > > > > Can anyone help a newbie out? I have a couple of questions: > > 1) I am implementing a servlet filter for authentication. > In my web app, > a class reunion web site, I want people to be able to login with their > first and last names and a password, instead of a single ID > and password, > so I am NOT configuring form-based security and letting > TomCat do the work. > Instead, I am checking authorization myself in this filter. > Is this sound > reasoning or does anyone have better ideas?
I know of one other person whose name is James Barrows. No relation to me at all. Firstname/lastname is probably not unique enough. > > 2) In web.xml, in the filter-mapping tag, is there a way to > say "execute > this filter to all servlets except /LoginAction.do" I tried > the following, > using the regular expression carat, but get an "invalid > expression" error. > I'd hate to list all servlets and JSPs that should get the > filter applied. All actions that need to have a login should be of the form "/secure/actionName.do", then set your filter to the secure actions. > More importantly, sounds like an opportunity for errors as new > actions/servlets are created but maybe not added to the list of > filter-mappings. Here's the attempt at mapping that failed: > > <filter> > <filter-name>AuthenticationFilter</filter-name> > <filter-class>schs82.AuthenticationFilter</filter-class> > </filter> > > <filter-mapping> > <filter-name>AuthenticationFilter</filter-name> > <url-pattern>^/LoginAction.do</url-pattern> > </filter-mapping> I wish that would have worked too :) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]