Christopher,

2007/10/9, Christopher Schultz <[EMAIL PROTECTED]>:
>
> >> You cannot do this with Tomcat's authentication mechanism. You will
> >> have to provide an alternative implementation. I recommend looking
> >> at securityfilter ( http://securityfilter.sourceforge.net ).
> >
> > Well, securityfilter doesn't satisfy some servlet's requirements
>
> Like what?


Sorry if I was wrong, but does security filter support such auth-methods as
BASIC, DIGEST, etc.? It was pointed out that "BASIC authentication will be
supported in an upcoming 1.1 release" at
http://securityfilter.sourceforge.net . But at
http://sourceforge.net/projects/securityfilter/ I found some newer release
notes, but I found nothing about added support of other auth methods.

> > so as you said I will have to provide my own low level authentication
> > mechanism.
>
> You can use Tomcat's built-in Realm as a basis for the authentication --
> so, for instance, you don't have to write your own SELECT query, etc.


Thanks, I've got it.

> ...why you want your own servlets to do the authorization instead
> of the container (or securityfilter)?


This is the main question. Today we decided to do nothing new with
authentication and use a special "guest" user in the first version of the servlet.
And only if users ask for the anonymous access I described earlier, we'll
develop a custom mechanism or maybe use security filter. As I understood, you
represent the interests of security filter's developers (sorry if it's a mistake)
and it will be great if you'll look at the servlet's code at
http://svn.svnkit.com/repos/svnkit/trunk/ (svnkit-dav subdirectory) and give
me a response on how to use security filter with our servlet.

> > It will be my first implementation, so any help will be appreciated.
>
> First servlet implementation, or first authentication and authorization
> implementation?


First authentication and authorization implementation.

Thanks,
S. Vadishev.
