Hi,

Thanks for the replies, really appreciate that.

I am using BASIC because I am authenticating webservice calls. I
already have FORM for a sister application which provides web based access.

I want to log authentication failures.

Is the only option I have to overwrite BASICAuthenticator under TOMCAT,
because I will have access to the request and response at that stage and I
will know if the user is authenticated or not?

I tried to add a JDBC access valve to TOMCAT, but the problem was I had
no way of knowing if the user is authenticated when the access details are
getting logged in the database.

Please let me know if you have any other ideas.

Thanks

Dhiraj Ramakrishnan

On 8/11/06, David Smith <[EMAIL PROTECTED]> wrote:

A little googling confirmed my earlier suspicion.  The 401 response
contains the error page.  This is why you can't redirect a 401 error
like a 404 or other error responses.

-David

Pid wrote:

>If you're using a JDBC realm then you are using Tomcat's authentication,
>which operates at a higher level than Filters and Servlets, so you can't
>insert anything into the chain there.
>
>With Basic Auth, the browser does the submission of credentials, based
>on the error codes that the server sends.
>
>So when it fails, the server sends a 403 or something.
>
>If you want to control the pages the user sees, you're probably better
>off configuring FORM Auth, instead of BASIC.  It allows you to specify a
>page/servlet for the login form, and a page/servlet for the login error
>page.
>
>
>
>pid
>
>
>David Smith wrote:
>
>
>>I believe in BASIC auth, the client already has the auth failed page
>>during authentication.  Once authentication fails, that page is
>>displayed.  Short of the images and other resources the error page
>>needs, there is not another request to the server hence no filter call.
>>
>>--David
>>
>>Dhiraj Ramakrishnan wrote:
>>
>>
>>
>>>Hello,
>>>
>>>
>>>    I have configured a SimpleServletFilter to act as my authentication
>>>filter, I want it to do certain things after the authentication has
>>>failed.
>>>
>>>    My application is being authenticated using a TOMCAT JDBC Realm. The
>>>authentication scheme is BASIC.
>>>
>>>    I noticed that the filter is being called after the authentication is
>>>done, that is only if it is a valid user the filter is being called.
>>>
>>>    The filter is not called at all in case the authentication has
>>>failed.
>>>
>>>
>>>
>>>
>>>Any ideas on this problem will be much appreciated.
>>>
>>>Thanks
>>>
>>>Dhiraj Ramakrishnan
>>>
>>>
>>>
>>---------------------------------------------------------------------
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>>
>>
>


---------------------------------------------------------------------
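One way to log BASIC authentication failures without replacing the authenticator, given as an added example that is not part of the original thread: a valve that lets the pipeline run and then inspects the response status. It assumes Tomcat 8 or 9 (`javax.servlet` packages) and Java 8+; the class name `BasicAuthFailureLogValve` is hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

// Hypothetical valve (the name is illustrative). Register it with a
// <Valve className="..."/> element, the same way AccessLogValve is configured.
public class BasicAuthFailureLogValve extends ValveBase {
    private static final Log log = LogFactory.getLog(BasicAuthFailureLogValve.class);

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // Let the rest of the pipeline, including the BASIC authenticator, run first.
        getNext().invoke(request, response);

        if (response.getStatus() != HttpServletResponse.SC_UNAUTHORIZED) {
            return; // authenticated, or failed for a reason other than 401
        }
        String header = request.getHeader("Authorization");
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return; // plain challenge: the client has not sent credentials yet
        }
        log.warn("BASIC auth failure user=" + userFrom(header)
                + " ip=" + request.getRemoteAddr()
                + " uri=" + request.getRequestURI());
    }

    // Extracts only the user name; the password is never logged.
    static String userFrom(String header) {
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');
            String user = colon >= 0 ? pair.substring(0, colon) : pair;
            // Replace control characters so a crafted name cannot forge log lines.
            return user.replaceAll("\\p{Cntrl}", "?");
        } catch (IllegalArgumentException e) {
            return "<undecodable>";
        }
    }
}
```

A 401 without an `Authorization` header is only the initial challenge, so counting it as a failure would inflate the numbers for every first request from a client.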