Securityfilter seems like overkill. I'd like to try the custom Valve first.
Any idea how I can get at the Role from the Valve invoke method?
public void invoke(Request arg0, Response arg1) throws IOException,
ServletException {
Can I drill down into the Request and find the role?
-Bruce
On Thu, Jun 18, 2009 at 2:33 PM, André Warnier <a...@ice-sa.com> wrote:
> Bruce Edge wrote:
>
>>
>>> André,
>> thanks for your help.
>>
>
> Well actually, forget all I said, it turns out that it was mostly nonsense.
> The problem is, that if you use the container (Tomcat) based
> authentication, then the authentication will happen anyway, before it even
> gets to the servlet filter.
>
> So it is really a <Valve> which you need.
> A <Valve> "happens" at an earlier stage, before the webapp (and filters)
> are involved, so that would be early enough.
>
> Or else, you have to go for .. well yes, a servlet filter which does
> authentication (instead of the normal Tomcat auth stuff).
> There is something like that called SecurityFilter.
> (Here : http://securityfilter.sourceforge.net/)
>
> Don't let this put you down though. Doing authentication via a filter like
> SecurityFilter is a lot more flexible than with the embedded container
> method.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
