Bill Barker wrote:
You haven't missed anything. Tomcat simply doesn't try to authenticate a
user if authentication isn't required. Simplest and most portable is to
create a Filter that is configured as the first filter, and takes an
auth-method init param to tell it what to use, and then wraps the request in
a HttpServletWrapper that overrided getUserPrincipal before sending it on
it's way.
Other options include extending one or more of Tomcat's Authenticators, and
configuring your app to use your Authenticator rather than Tomcat's.
Thanks for your reply. It seems like a reasonable way to do it indeed.
I'm also looking at using JGuard perhaps <http://jguard.net/>.
Regards,
Bruno.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
