Bruce Edge wrote:
André,
thanks for your help.
Well actually, forget all I said, it turns out that it was mostly
nonsense. The problem is, that if you use the container (Tomcat) based
authentication, then the authentication will happen anyway, before it
even gets to the servlet filter.
So it is really a <Valve> which you need.
A <Valve> "happens" at an earlier stage, before the webapp (and filters)
are involved, so that would be early enough.
Or else, you have to go for .. well yes, a servlet filter which does
authentication (instead of the normal Tomcat auth stuff).
There is something like that called SecurityFilter.
(Here : http://securityfilter.sourceforge.net/)
Don't let this put you down though. Doing authentication via a filter
like SecurityFilter is a lot more flexible than with the embedded
container method.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
