struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Barrows" <>
Subject RE: Two Qs re: authentication servlet filter
Date Tue, 04 Jan 2005 18:35:48 GMT

> -----Original Message-----
> From: []
> Sent: Tuesday, January 04, 2005 11:17 AM
> To:
> Subject: Two Qs re: authentication servlet filter
> Can anyone help a newbie out?  I have a couple of questions:
> 1)  I am implementing a servlet filter for authentication.  
> In my web app,
> a class reunion web site, I want people to be able to login with their
> first and last names and a password, instead of a single ID 
> and password,
> so I am NOT configuring form-based security and letting 
> TomCat do the work.
> Instead, I am checking authorization myself in this filter.  
> Is this sound
> reasoning or does anyone have better ideas?

I know of one other person whose name is James Barrows.  No relation to me at all.  Firstname/lastname
is probably not unique enough.

> 2)  In web.xml, in the filter-mapping tag, is there a way to 
> say "execute
> this filter to all servlets except /"  I tried 
> the following,
> using the regular expression carat, but get an "invalid 
> expression" error.
> I'd hate to list all servlets and JSPs that should get the 
> filter applied.

All actions that need to have a login should be of the form "/secure/", then
set your filter to the secure actions.

> More importantly, sounds like an opportunity for errors as new
> actions/servlets are created but maybe not added to the list of
> filter-mappings.  Here's the attempt at mapping that failed:
>   <filter>
>       <filter-name>AuthenticationFilter</filter-name>
>       <filter-class>schs82.AuthenticationFilter</filter-class>
>   </filter>
>   <filter-mapping>
>       <filter-name>AuthenticationFilter</filter-name>
>       <url-pattern>^/</url-pattern>
>   </filter-mapping>

I wish that would have worked too :)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message