-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Semen,
Semen Vadishev wrote: > But behavior I need is: 1. If Tomcat gets request with no user > information data (username/password) it should pass it to servlet and > then servlet after handling request's URI according to pba config > file may send SC_UNAUTHORIZED (if it needs authenticated user) or > SC_FORBIDDEN (if any access denied). 2. If Tomcat gets request with > username and password it should check them according to > conf/tomcat-users.xml and if user authenticated pass it to servlet. You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st securityfilter (http://securityfilter.sourceforge.net). It's implemented as a filter, so it works with any servlet container. It can work with Tomcat's built-in realms or you can write your own. It supports unsolicited logins (i.e. you can use your own login page that submits to j_security_check without having to first request a protected resource). It has configuration similar to that in web.xml, so you don't have to learn a new configuration format. You are free to use securityfilter's authentication mechanisms and completely skip authorization, which is what it looks like you want to do (by implementing it yourself). Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC4mU9CaO5/Lv0PARAm/tAJ4/SAUdOsMlZSugPtOsJaXpFGbRQACfRGov R26GvoQR29oZmVyMcH0EPmc= =N9aS -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]