Posted to users@tomcat.apache.org by Dhiraj Ramakrishnan <st...@gmail.com> on 2006/08/10 06:02:24 UTC

JDBCRealm with Simple Servlet Filter

Hello,


     I have configured a SimpleServletFilter to act as my authentication
filter, I want it to do certain things after the authentication has failed.

     My application is being authenticated using a TOMCAT JDBC Realm. The
authentication scheme is BASIC.

     I noticed that the filter is being called after the authentication is
done, that is only if it is a valid user the filter is being called.

     The filter is not called at all in case the authentication has failed.




 Any ideas on this problem will be much appreciated.

Thanks

Dhiraj Ramakrishnan

Re: JDBCRealm with Simple Servlet Filter

Posted by Dhiraj Ramakrishnan <st...@gmail.com>.
Hi,

       Thanks for the replies, really appreciate that.

       I am using BASIC because I am authenticating web service calls. I
already have FORM for a sister application which provides web based access.

       I want to log authentication failures.

      Is the only option I have to overwrite BASICAuthenticator under TOMCAT,
because I will have access to the request and response at that stage and I
will know if the user is authenticated or not?

      I tried to add a JDBC access valve to TOMCAT but the problem was I had
no way of knowing if the user is authenticated when the access details are
getting logged in the database.

     Please let me know if you have any other ideas.

Thanks

Dhiraj Ramakrishnan

On 8/11/06, David Smith <dn...@cornell.edu> wrote:
>
> A little googling confirmed my earlier suspicion.  The 401 response
> contains the error page.  This is why you can't redirect a 401 error
> like a 404 or other error responses.
>
> -David
>
> Pid wrote:
>
> >If you're using a JDBC realm then you are using Tomcat's authentication,
> >which operates at a higher level than Filters and Servlets, so you can't
> >insert anything into the chain there.
> >
> >With Basic Auth, the browser does the submission of credentials, based
> >on the error codes that the server sends.
> >
> >So when it fails, the server sends a 403 or something.
> >
> >If you want to control the pages the user sees, you're probably better
> >off configuring FORM Auth, instead of BASIC.  It allows you to specify a
> >page/servlet for the login form, and a page/servlet for the login error
> >page.
> >
> >
> >
> >pid
> >
> >
> >David Smith wrote:
> >
> >
> >>I believe in BASIC auth, the client already has the auth failed page
> >>during authentication.  Once authentication fails, that page is
> >>displayed.  Short of the images and other resources the error page
> >>needs, there is not another request to the server hence no filter call.
> >>
> >>--David
> >>
> >>Dhiraj Ramakrishnan wrote:
> >>
> >>
> >>
> >>>Hello,
> >>>
> >>>
> >>>    I have configured a SimpleServletFilter to act as my authentication
> >>>filter, I want it to do certain things after the authentication has
> >>>failed.
> >>>
> >>>    My application is being authenticated using a TOMCAT JDBC Realm. The
> >>>authentication scheme is BASIC.
> >>>
> >>>    I noticed that the filter is being called after the authentication is
> >>>done, that is only if it is a valid user the filter is being called.
> >>>
> >>>    The filter is not called at all in case the authentication has
> >>>failed.
> >>>
> >>>
> >>>
> >>>
> >>>Any ideas on this problem will be much appreciated.
> >>>
> >>>Thanks
> >>>
> >>>Dhiraj Ramakrishnan
> >>>
> >>>
> >>>
> >>---------------------------------------------------------------------
> >>To start a new topic, e-mail: users@tomcat.apache.org
> >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>For additional commands, e-mail: users-help@tomcat.apache.org
> >>
>

Re: JDBCRealm with Simple Servlet Filter

Posted by David Smith <dn...@cornell.edu>.
A little googling confirmed my earlier suspicion.  The 401 response 
contains the error page.  This is why you can't redirect a 401 error 
like a 404 or other error responses.

-David

Pid wrote:

>If you're using a JDBC realm then you are using Tomcat's authentication,
>which operates at a higher level than Filters and Servlets, so you can't
>insert anything into the chain there.
>
>With Basic Auth, the browser does the submission of credentials, based
>on the error codes that the server sends.
>
>So when it fails, the server sends a 403 or something.
>
>If you want to control the pages the user sees, you're probably better
>off configuring FORM Auth, instead of BASIC.  It allows you to specify a
>page/servlet for the login form, and a page/servlet for the login error
>page.
>
>
>
>pid
>
>
>David Smith wrote:
>  
>
>>I believe in BASIC auth, the client already has the auth failed page
>>during authentication.  Once authentication fails, that page is
>>displayed.  Short of the images and other resources the error page
>>needs, there is not another request to the server hence no filter call.
>>
>>--David
>>
>>Dhiraj Ramakrishnan wrote:
>>
>>    
>>
>>>Hello,
>>>
>>>
>>>    I have configured a SimpleServletFilter to act as my authentication
>>>filter, I want it to do certain things after the authentication has
>>>failed.
>>>
>>>    My application is being authenticated using a TOMCAT JDBC Realm. The
>>>authentication scheme is BASIC.
>>>
>>>    I noticed that the filter is being called after the authentication is
>>>done, that is only if it is a valid user the filter is being called.
>>>
>>>    The filter is not called at all in case the authentication has
>>>failed.
>>>
>>>
>>>
>>>
>>>Any ideas on this problem will be much appreciated.
>>>
>>>Thanks
>>>
>>>Dhiraj Ramakrishnan
>>>
>>>      
>>>

Re: JDBCRealm with Simple Servlet Filter

Posted by Pid <p...@pidster.com>.
If you're using a JDBC realm then you are using Tomcat's authentication,
which operates at a higher level than Filters and Servlets, so you can't
insert anything into the chain there.

With Basic Auth, the browser does the submission of credentials, based
on the error codes that the server sends.

So when it fails, the server sends a 403 or something.

If you want to control the pages the user sees, you're probably better
off configuring FORM Auth, instead of BASIC.  It allows you to specify a
page/servlet for the login form, and a page/servlet for the login error
page.



pid


David Smith wrote:
> I believe in BASIC auth, the client already has the auth failed page
> during authentication.  Once authentication fails, that page is
> displayed.  Short of the images and other resources the error page
> needs, there is not another request to the server hence no filter call.
> 
> --David
> 
> Dhiraj Ramakrishnan wrote:
> 
>> Hello,
>>
>>
>>     I have configured a SimpleServletFilter to act as my authentication
>> filter, I want it to do certain things after the authentication has
>> failed.
>>
>>     My application is being authenticated using a TOMCAT JDBC Realm. The
>> authentication scheme is BASIC.
>>
>>     I noticed that the filter is being called after the authentication is
>> done, that is only if it is a valid user the filter is being called.
>>
>>     The filter is not called at all in case the authentication has
>> failed.
>>
>>
>>
>>
>> Any ideas on this problem will be much appreciated.
>>
>> Thanks
>>
>> Dhiraj Ramakrishnan
>>

Re: JDBCRealm with Simple Servlet Filter

Posted by David Smith <dn...@cornell.edu>.
I believe in BASIC auth, the client already has the auth failed page 
during authentication.  Once authentication fails, that page is 
displayed.  Short of the images and other resources the error page 
needs, there is not another request to the server hence no filter call.

--David

Dhiraj Ramakrishnan wrote:

> Hello,
>
>
>     I have configured a SimpleServletFilter to act as my authentication
> filter, I want it to do certain things after the authentication has
> failed.
>
>     My application is being authenticated using a TOMCAT JDBC Realm. The
> authentication scheme is BASIC.
>
>     I noticed that the filter is being called after the authentication is
> done, that is only if it is a valid user the filter is being called.
>
>     The filter is not called at all in case the authentication has 
> failed.
>
>
>
>
> Any ideas on this problem will be much appreciated.
>
> Thanks
>
> Dhiraj Ramakrishnan
>

