struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject RESOLVED: Two Qs re: authentication servlet filter
Date Tue, 04 Jan 2005 20:05:30 GMT

Thanks Jim!
For anyone following along, Jim's suggestion to preface all actions to be
authenticated with "/secure/" works great.  Of course, you have to change
all references to those actions in many places, but had I thought of that
idea when I started developing this (my first real) site, it would have
been no extra work.

                      "Jim Barrows"                                                      
                      <        To:       "Struts Users Mailing List" <>
                      m>                       cc:                                    
                                               Subject:  RE: Two Qs re: authentication servlet
                      01/04/2005 01:35                                                   
                      Please respond to                                                  
                      "Struts Users                                                      
                      Mailing List"                                                      

> -----Original Message-----
> From: []
> Sent: Tuesday, January 04, 2005 11:17 AM
> To:
> Subject: Two Qs re: authentication servlet filter
> Can anyone help a newbie out?  I have a couple of questions:
> 1)  I am implementing a servlet filter for authentication.
> In my web app,
> a class reunion web site, I want people to be able to login with their
> first and last names and a password, instead of a single ID
> and password,
> so I am NOT configuring form-based security and letting
> TomCat do the work.
> Instead, I am checking authorization myself in this filter.
> Is this sound
> reasoning or does anyone have better ideas?

I know of one other person whose name is James Barrows.  No relation to me
at all.  Firstname/lastname is probably not unique enough.

> 2)  In web.xml, in the filter-mapping tag, is there a way to
> say "execute
> this filter to all servlets except /"  I tried
> the following,
> using the regular expression carat, but get an "invalid
> expression" error.
> I'd hate to list all servlets and JSPs that should get the
> filter applied.

All actions that need to have a login should be of the form
"/secure/", then set your filter to the secure actions.

> More importantly, sounds like an opportunity for errors as new
> actions/servlets are created but maybe not added to the list of
> filter-mappings.  Here's the attempt at mapping that failed:
>   <filter>
>       <filter-name>AuthenticationFilter</filter-name>
>       <filter-class>schs82.AuthenticationFilter</filter-class>
>   </filter>
>   <filter-mapping>
>       <filter-name>AuthenticationFilter</filter-name>
>       <url-pattern>^/</url-pattern>
>   </filter-mapping>

I wish that would have worked too :)

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message