Mark,

On 11/18/2009 11:42 AM, Mark Thomas wrote:
> João Nuno Silva wrote:
>> Hi, this is my first question to the list so please be gentle :)
>>
>> My question is about a Tomcat feature available when using container
>> managed authentication. If a user requests a protected resource, Tomcat
>> first authenticates the user and then processes the initial request
>> whether it's a GET or a POST. I've been doing an in-house authentication
>> mechanism which tries to mimic this functionality.
>>
>> I'm having a bit of trouble replicating the POST requests after
>> successful user authentication. I've managed to replicate GET requests
>> by doing a forward or a sendRedirect to the pre-authentication URL but
>> with a POST things get harder. Is there any way to achieve this without
>> using container managed authentication?
>
> Maybe. If I recall correctly, I implemented that using access to the
> Tomcat internals. You may be able to do this with just the Servlet API
> but I didn't try.

This should be possible as long as you can save the entire request, including headers and body.

>> What if that POST also included
>> one file upload, would that make it impossible to replicate the request?
>
> No. You just read the input, save it and replay it later.

+1

Note that "replay" basically means that a new request object must be created and used to forward the request using the request dispatcher to the intended target. I can't remember right this second, but I think the servlet spec says something like "you aren't allowed to substitute one request for another", so you may have to wrap the real request (the one carrying a successful login) with one that basically re-writes everything. Something doesn't seem right about that, but João should read the servlet specification very carefully to make sure that his solution is compliant.

-chris
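
The wrapping approach discussed in the message above, as an added example that is not part of the original thread and not Tomcat's own code: a request wrapper that presents a saved method, headers and body on top of the post-login request. It assumes the `javax.servlet` 3.1+ API and that the caller captured the original request before redirecting to login; `ReplayedRequest` and `MAX_SAVED_BODY` are hypothetical names.

```java
import java.io.*;
import java.util.*;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical wrapper: replays a saved request over the authenticated one. */
public class ReplayedRequest extends HttpServletRequestWrapper {
    // Assumed cap: unauthenticated clients control this data, so bound what is kept per session.
    public static final int MAX_SAVED_BODY = 64 * 1024;
    private final String method;
    private final Map<String, List<String>> headers; // assumption: keys saved lower-cased
    private final byte[] body;

    public ReplayedRequest(HttpServletRequest current, String method,
                           Map<String, List<String>> headers, byte[] body) {
        super(current); // session, principal and cookies still come from the real request
        if (body.length > MAX_SAVED_BODY) throw new IllegalArgumentException("saved body too large");
        this.method = method;
        this.headers = headers;
        this.body = body.clone();
    }
    private List<String> values(String name) {
        List<String> v = headers.get(name.toLowerCase(Locale.ROOT));
        return v == null ? Collections.<String>emptyList() : v;
    }
    @Override public String getMethod() { return method; }
    @Override public int getContentLength() { return body.length; }
    @Override public long getContentLengthLong() { return body.length; }
    @Override public String getContentType() { return getHeader("Content-Type"); }
    @Override public String getHeader(String name) {
        List<String> v = values(name);
        return v.isEmpty() ? null : v.get(0);
    }
    @Override public Enumeration<String> getHeaders(String name) { return Collections.enumeration(values(name)); }
    @Override public Enumeration<String> getHeaderNames() { return Collections.enumeration(headers.keySet()); }
    @Override public ServletInputStream getInputStream() {
        final ByteArrayInputStream in = new ByteArrayInputStream(body);
        return new ServletInputStream() { // fresh stream over the saved bytes on each call
            @Override public int read() { return in.read(); }
            @Override public boolean isFinished() { return in.available() == 0; }
            @Override public boolean isReady() { return true; }
            @Override public void setReadListener(ReadListener l) { throw new UnsupportedOperationException(); }
        };
    }
    @Override public BufferedReader getReader() throws IOException {
        String enc = getCharacterEncoding(); // delegates to the wrapped (post-login) request
        return new BufferedReader(new InputStreamReader(getInputStream(), enc != null ? enc : "ISO-8859-1"));
    }
}
```

The wrapper is handed to `getRequestDispatcher(...).forward(...)` in place of the real request. `getParameter*` and `getParts` are not overridden, so they still reflect the login request; a target that relies on them needs those methods overridden to parse the saved body as well.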