sZabi,
Thnkx for response. I am actually already using similar approach. It is easy to implement, but it has one problem (from my point of view). It is not very "user friendly". It is much easier to explain to end user that if he/she is using "FORM" as authentication method, all he/she need to do to start use my authentication IN ADDITION to FORM is replace "FORM" with "ACME-FORM" in web.xml file. I would love to register one "ACME-xxx" authenticator for each of standard ones so it does my special authentication + what ever standard one is doing.
        Thnkx again,

Andrei Tchijov



On Jun 7, 2007, at 12:01 PM, Szabolcs Márton wrote:

Hi!

its an options, i use sometime.
Create a filter.

a class likes this.
public class AuthenticationFilter implements Filter {

private static Logger log = Logger.getLogger (AuthenticationFilter.class);

        public void doFilter(ServletRequest request, ServletResponse
response, FilterChain chain)
                        throws IOException, ServletException {

....

add in web.xml this:

        <filter>
                <filter-name>myAuthfilter</filter-name>
                <filter-class>
                        poker.web.filters.AuthenticationFilter
                </filter-class>
                <init-param>
                        <param-name>LoginURL</param-name>
                        <param-value>/login</param-value>
                </init-param>

                <init-param>
                        <param-name>DeniedURL</param-name>
                        <param-value>/denied.jsp</param-value>
                </init-param>
                
        </filter>

        <filter-mapping>
                <filter-name>myAuthfilter</filter-name>
                <url-pattern>/*</url-pattern>
        </filter-mapping>


you can map a filter to an url-pattern, in this example everything.
in the filter you have the request and response as well.
you could create a response here, so its not get called the servlet,
or anything you called, because the filter dont let.
Or you can say to the filter to countine the processing, (when authenticated)

read about this on google for details.

i like this because its so simple, and so fast.

regards,
sZabi





2007/6/7, Andrei Tchijov <[EMAIL PROTECTED]>:
Hi,
I want to be able to add my own authentication method (login-config/
auth-method) as one of possible choices.  Is it possible to do so
without re-compiling tomcat?  Ideally, I would love to be able to
achieve my goal by changing server.xml file (and adding some jars
with my custom code to tomcat).

Before any one suggested that I should write custom Realm: I think it
will not work for me. My authentication method require access to ALL
information available from HTTP Request (not just user name/password)
also in some situations, access to HTTP Response is required as well.
It looks like this method:

protected abstract boolean authenticate(Request request,Response
response,LoginConfig config) throws IOException;

or AuthenticatorBase class is the best place to be.


Your comments will be highly appreciated,

Andrei Tchijov



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to