On Thu, Jun 18, 2009 at 3:28 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote:
> > From: Bruce Edge [mailto:bruce.e...@gmail.com] > > Subject: Custom valve, how to change role? > > > > ...or am I completely off in left field and should scrap > > this before someone gets hurt and just use securityfilter? > > If you really insist on differentiating internal and external requests, > then quite likely you should just use securityfilter - it should be a *lot* > easier. Writing a custom valve ties you into Tomcat, and possibly a > particular version of Tomcat, since valves are not part of the servlet spec > (filters are). > > If you really want to write a valve, look at the source for something that > is related to what you want, such as: > org/apache/catalina/authenticator/SingleSignOn.java > and related files. > > Personally, I'd just have the internal requests authenticate like everyone > else. I'm starting to agree with you. This was a relatively simple thing back when I was using gSOAP. Since everything else is so much easier in the java world I assumed this would be too. In any case, thanks for all the pointers. -Bruce > > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
