Re: JDBCRealm with Simple Servlet Filter

Thu, 10 Aug 2006 06:04:45 -0700

A little googling confirmed my earlier suspicion. The 401 response contains the error page. This is why you can't redirect a 401 error like a 404 or other error responses. 

-David

Pid wrote:


If you're using a JDBC realm then you are using Tomcats authentication,
which operates at a higher level than Filters and Servlets, so you can't
insert anything into the chain there.

With Basic Auth, the browser does the submission of credentials, based
on the error codes that the server sends.

So when it fails, the server sends a 403 or something.

If you want to control the pages the user sees, you're probably better
off configuring FORM Auth, instead of BASIC.  It allows you to specify a
page/servlet for the login form, and a page/servlet for the login error
page.



pid


David Smith wrote:

I believe in BASIC auth, the client already has the auth failed page
during authentication.  Once authentication fails, that page is
displayed.  Short of the images and other resources the error page
needs, there is not another request to the server hence no filter call.

--David

Dhiraj Ramakrishnan wrote:


Hello,


   I have configured a SimpleServletFilter to act as my authentication
filter, i want it to do certain things after the authentication has
failed.

   My application is being authenticated using a TOMCAT JDBC Realm. The
authentication scheme is BASIC.

   I noticed that the filter is being called after the authentication is
done, that is only if it is a valid user the filter is being called.

   The filter is not called at all in case the authentication has
failed.




Any ideas on this problem will be much appreciated.

Thanks

Dhiraj Ramakrishnan


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to