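André,

On 9/27/2011 7:40 AM, André Warnier wrote:
> The reason why I was mentioning further complexity for the Valve
> solution, is that as far as I know, the HttpServletRequest object
> is "immutable" (iow read-only), as it is received.

For the most part, this is true.

> So you cannot just take the incoming HttpServletRequest, and if the
> IP address matches, add a "fake" "Authorization:" header to it with
> some generic user-id/password. You will have to wrap the original
> HttpServletRequest into a custom HttpServletRequest wrapper, (a la
> "class CustomRequest extends HttpServletRequestWrapper"), add the
> fake header there, and forward this CustomRequest instead of the
> original for further processing.

Correct.

> At least, that is what I had to do the last time I wrote some
> Tomcat authentication code as a Servlet Filter. Maybe for a Valve,
> the situation is different.

Hmm... I was about to say that the Request object is mutable (which it
is), but apparently, headers are something that can't be modified, so
you'll need to wrap the Request in the same way as described above.

Those interested in doing something like this might be interested in
the attachment to this bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=45014

Hmm... I should go ahead and commit that. :)

-chris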
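
The wrapper approach discussed in this message, written out as a servlet Filter. This is an added example, not code from either poster or from the Bugzilla attachment; it assumes the javax.servlet 3.0+ API and Java 8, and the class name `TrustedAddressAuthFilter`, the address and the credentials are hypothetical placeholders.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class TrustedAddressAuthFilter implements Filter {
    // Both values are constructed placeholders, not taken from the thread.
    private static final String TRUSTED_ADDR = "192.0.2.10";
    private static final String SERVICE_CREDENTIALS = "svc-user:CHANGE_ME";

    /** Overrides all three header accessors so they agree with each other. */
    static class CustomRequest extends HttpServletRequestWrapper {
        private final String auth;
        CustomRequest(HttpServletRequest req, String auth) { super(req); this.auth = auth; }

        private static boolean isAuth(String n) { return "Authorization".equalsIgnoreCase(n); }

        @Override public String getHeader(String name) {
            return isAuth(name) ? auth : super.getHeader(name);
        }
        @Override public Enumeration<String> getHeaders(String name) {
            return isAuth(name) ? Collections.enumeration(Collections.singletonList(auth))
                                : super.getHeaders(name);
        }
        @Override public Enumeration<String> getHeaderNames() {
            List<String> names = new ArrayList<>();
            for (String n : Collections.list(super.getHeaderNames())) {
                if (!isAuth(n)) names.add(n);   // drop any client-sent variant
            }
            names.add("Authorization");
            return Collections.enumeration(names);
        }
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // getRemoteAddr() is the TCP peer; behind a reverse proxy that is the proxy
        // itself, so match on it only when clients connect to Tomcat directly.
        if (req instanceof HttpServletRequest && TRUSTED_ADDR.equals(req.getRemoteAddr())) {
            String basic = "Basic " + Base64.getEncoder()
                    .encodeToString(SERVICE_CREDENTIALS.getBytes(StandardCharsets.UTF_8));
            req = new CustomRequest((HttpServletRequest) req, basic);
        }
        chain.doFilter(req, res);
    }
}
```

Tomcat's container-managed authentication runs in a Valve ahead of the filter chain, so a header injected by a Filter is seen only by the filters and servlets that run after it.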
On 9/27/2011 7:40 AM, André Warnier wrote: > The reason why I was mentioning further complexity for the Valve > solution, is that as far as I know, the HttpServletRequest object > is "immutable" (iow read-only), as it is received. For the most part, this is true. > So you cannot just take the incoming HttpServletRequest, and if the > IP address matches, add a "fake" "Authorization:" header to it with > some generic user-id/password. You will have to wrap the original > HttpServletRequest into a custom HttpServletRequest wrapper, (a la > "class CustomRequest extends HttpServletRequestWrapper"), add the > fake header there, and forward this CustomRequest instead of the > original for further processing. Correct. > At least, that is what I had to do the last time I wrote some > Tomcat authentication code as a Servlet Filter. Maybe for a Valve, > the situation is different. Hmm... I was about to say that the Request object is mutable (which it is), but apparently, headers are something that can't be modified, so you'll need to wrap the Request in the same way as described above. Those interested in doing something like this might be interested in the attachment to this bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=45014 Hmm... I should go ahead and commit that. :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6CD90ACgkQ9CaO5/Lv0PDNMQCdG7+FiiioqZYyLp9e+9jzaVr/ se0AnAh3gTkdCgrvcjnsKD+9/fpeKzVq =ho/S -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org