struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From john.ches...@convergys.com
Subject RESOLVED: Two Qs re: authentication servlet filter
Date Tue, 04 Jan 2005 20:05:30 GMT




Thanks Jim!
For anyone following along, Jim's suggestion to preface all actions to be
authenticated with "/secure/" works great.  Of course, you have to change
all references to those actions in many places, but had I thought of that
idea when I started developing this (my first real) site, it would have
been no extra work.




                                                                                         
                                                     
                      "Jim Barrows"                                                      
                                                     
                      <jbarrows@sssc.co        To:       "Struts Users Mailing List" <user@struts.apache.org>
                                 
                      m>                       cc:                                    
                                                        
                                               Subject:  RE: Two Qs re: authentication servlet
filter                                          
                      01/04/2005 01:35                                                   
                                                     
                      PM                                                                 
                                                     
                      Please respond to                                                  
                                                     
                      "Struts Users                                                      
                                                     
                      Mailing List"                                                      
                                                     
                                                                                         
                                                     
                                                                                         
                                                     






> -----Original Message-----
> From: john.chesher@convergys.com [mailto:john.chesher@convergys.com]
> Sent: Tuesday, January 04, 2005 11:17 AM
> To: user@struts.apache.org
> Subject: Two Qs re: authentication servlet filter
>
>
>
>
>
>
> Can anyone help a newbie out?  I have a couple of questions:
>
> 1)  I am implementing a servlet filter for authentication.
> In my web app,
> a class reunion web site, I want people to be able to login with their
> first and last names and a password, instead of a single ID
> and password,
> so I am NOT configuring form-based security and letting
> TomCat do the work.
> Instead, I am checking authorization myself in this filter.
> Is this sound
> reasoning or does anyone have better ideas?

I know of one other person whose name is James Barrows.  No relation to me
at all.  Firstname/lastname is probably not unique enough.

>
> 2)  In web.xml, in the filter-mapping tag, is there a way to
> say "execute
> this filter to all servlets except /LoginAction.do"  I tried
> the following,
> using the regular expression carat, but get an "invalid
> expression" error.
> I'd hate to list all servlets and JSPs that should get the
> filter applied.

All actions that need to have a login should be of the form
"/secure/actionName.do", then set your filter to the secure actions.

> More importantly, sounds like an opportunity for errors as new
> actions/servlets are created but maybe not added to the list of
> filter-mappings.  Here's the attempt at mapping that failed:
>
>   <filter>
>       <filter-name>AuthenticationFilter</filter-name>
>       <filter-class>schs82.AuthenticationFilter</filter-class>
>   </filter>
>
>   <filter-mapping>
>       <filter-name>AuthenticationFilter</filter-name>
>       <url-pattern>^/LoginAction.do</url-pattern>
>   </filter-mapping>

I wish that would have worked too :)

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org





---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message