You should have a look at securityFilter, which does such a job. It tries to "look like" the J2EE FORM security check, but allows you to use your own authentication rules.


Nico.


Jim Barrows wrote:



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 04, 2005 11:17 AM
To: user@struts.apache.org
Subject: Two Qs re: authentication servlet filter






Can anyone help a newbie out? I have a couple of questions:

1) I am implementing a servlet filter for authentication. In my web app,
a class reunion web site, I want people to be able to login with their
first and last names and a password, instead of a single ID and password,
so I am NOT configuring form-based security and letting Tomcat do the work.
Instead, I am checking authorization myself in this filter. Is this sound
reasoning or does anyone have better ideas?



I know of one other person whose name is James Barrows. No relation to me at all. Firstname/lastname is probably not unique enough.



2) In web.xml, in the filter-mapping tag, is there a way to say "execute
this filter to all servlets except /LoginAction.do"? I tried the following,
using the regular expression caret, but get an "invalid expression" error.
I'd hate to list all servlets and JSPs that should get the filter applied.



All actions that need to have a login should be of the form "/secure/actionName.do", then set your filter to the secure actions.



More importantly, sounds like an opportunity for errors as new
actions/servlets are created but maybe not added to the list of
filter-mappings.  Here's the attempt at mapping that failed:

 <filter>
     <filter-name>AuthenticationFilter</filter-name>
     <filter-class>schs82.AuthenticationFilter</filter-class>
 </filter>

 <filter-mapping>
     <filter-name>AuthenticationFilter</filter-name>
     <url-pattern>^/LoginAction.do</url-pattern>
 </filter-mapping>



I wish that would have worked too :)

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





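Added example, not code from the thread or from SecurityFilter: `url-pattern` accepts only exact paths, prefix patterns such as `/secure/*`, extension patterns such as `*.do`, and `/`, never regular expressions or negation, so an "everything except the login action" rule has to be enforced inside the filter. The class name, the `publicPaths` and `loginPage` init-params and the `authenticatedUser` session attribute are hypothetical; the code uses the `javax.servlet` API of the thread's era.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// web.xml (assumed): map this filter to <url-pattern>/*</url-pattern> and set
// init-params publicPaths=/LoginAction.do and loginPage=/login.jsp
public class ExcludingAuthFilter implements Filter {
    static final String USER_ATTR = "authenticatedUser"; // hypothetical; set by the login action
    private final Set<String> publicPaths = new HashSet<String>();
    private String loginPage;

    public void init(FilterConfig cfg) throws ServletException {
        String raw = cfg.getInitParameter("publicPaths");
        loginPage = cfg.getInitParameter("loginPage");
        if (raw == null || loginPage == null) {
            throw new ServletException("publicPaths and loginPage init-params are required");
        }
        for (String p : raw.split(",")) {
            if (p.trim().length() > 0) publicPaths.add(p.trim());
        }
        publicPaths.add(loginPage); // otherwise the redirect below would loop
    }

    // Container-decoded path relative to the context root. Unlike getRequestURI(),
    // it carries no ";jsessionid=..." path parameters or percent-encoding that
    // could make a protected path fail to match or a public one match by accident.
    static String pathOf(HttpServletRequest req) {
        String info = req.getPathInfo();
        return info == null ? req.getServletPath() : req.getServletPath() + info;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // do not create a session for anonymous hits
        boolean loggedIn = session != null && session.getAttribute(USER_ATTR) != null;
        // Default deny: only exact matches in the allowlist skip the login check.
        if (loggedIn || publicPaths.contains(pathOf(req))) {
            chain.doFilter(rq, rs);
        } else {
            res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + loginPage));
        }
    }

    public void destroy() { }
}
```

With this layout a newly added action is protected unless someone deliberately adds it to `publicPaths`, which addresses the concern about forgetting to extend the filter-mapping list.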