Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-23 Thread David Smith
In your webapp, there is no "authenticated session" -- at least from the perspective of tomcat there isn't. Since you are managing the authentication directly, all you need to do is send another unauthorized response when the username/password aren't correct: response.setStatus( HttpServletRe

Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-23 Thread Johan Haleby
Thanks David! I got things working now exactly the way I wanted! But I still have another question if you're up for it. Since my authentication takes place somewhere else, I would like the basic http authentication pop up window to be displayed again if the authentication fails. I.e. the servlet t

Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-22 Thread David Smith
You didn't actually say why this code doesn't work. Is there an error or is it you just can't get the credentials from the request in your jsp? At any rate, you have some options with storing the decoded credentials. If you are writing all the code and you don't care if getRemoteUser() ever

Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-22 Thread Johan Haleby
Thanks for the reply, (I'm thanking Tim as well :)). I've never worked with filters before so I don't quite get everything you're saying. Your code seems to be a good first step though. But I have a few questions: My code in the doFilter looks like this atm: HttpServletRequest httpServletR

Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-22 Thread David Smith
Do it in a request filter and don't implement a realm in tomcat. You're looking for something like (all in a filter): //Check for a basic auth header with actual user/pass info if ((request.getHeader("Authorization") == null) || (request.getHeader("Authorization").length() <= 6)) response.setS

Re: Redirect username and password from http basic authentication to a servlet as parameters

2006-02-22 Thread Tim Funk
In this case - I would not use a realm. I would use a few filters. 1) One that checks for the WWW-Authenticate headers to ensure you are logged in and sets request.getRemoteUser() and override request.isUserInRole() accordingly (via a HttpServletRequestWrapper). If not logged in - it will retu

Redirect username and password from http basic authentication to a servlet as parameters

2006-02-22 Thread Johan Haleby
Hi! I've implemented a simple custom realm that I use in Tomcat 5.0.28. But instead of doing the authentication in the authenticate method in my realm I'd like the actual authentication to be conducted by another servlet that takes username and password as parameters. So basically what I'd like