users@glassfish.java.net

Re: Testing for a 404 in a servlet/filter

From: <Jan.Luehe_at_Sun.COM>
Date: Tue, 21 Aug 2007 18:40:10 -0700

glassfish_at_javadesktop.org wrote:

>Jan,
> The primary purpose is security/authentication. Essentially it traps all requests and checks to see if the user is logged in. Additionally, I was looking to add the following functionality:
>
> - If the user is not logged in, but requests a valid page (i.e. a non-404), the page request is saved, and re-issued after successfully logging in.
>
>

Hmm, this is exactly what the FormAuthenticator, which implements FORM authentication in the form of a context valve, currently does: If the client has not yet been authenticated, it creates a session in which to store the original request, authenticates the client, and then resumes the request that had been saved in the session - but it does so regardless of whether the request would result in a 404.

Notice that by virtue of being implemented as a context valve, the FormAuthenticator is invoked prior to any filters.

Are you trying to invent your own authentication mechanism? :)


Jan

>In the current form, the resuming works for regular page requests, and .jsp's. However, if the user attempts to access a Servlet, that does not resolve to an actual file, so the resuming does not take place.
>
>Cheers,
> - Tim
>[Message sent by forum member 'tim_mead' (tim_mead)]
>
>http://forums.java.net/jive/thread.jspa?messageID=231725
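
The save-and-resume flow described in the reply above, written as a servlet filter. This is an added example, not code from the thread or from GlassFish's FormAuthenticator; the class name, the session attribute names and the `/login.jsp` path are assumptions, and like the FormAuthenticator it saves the request without knowing whether it would end in a 404.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration. Assumed names: session attributes "user" and
// "savedRequest", and a login page at /login.jsp that sets "user" on success.
public class SaveAndResumeFilter implements Filter {
    static final String USER = "user";
    static final String SAVED = "savedRequest";
    static final String LOGIN_PAGE = "/login.jsp";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Path relative to this web application, e.g. "/reports/list".
        String path = req.getRequestURI().substring(req.getContextPath().length());
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER) != null;

        if (loggedIn) {
            // Resume: the first request after login is sent to the saved target once.
            String saved = (String) session.getAttribute(SAVED);
            if (saved != null) {
                session.removeAttribute(SAVED);
                res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + saved));
                return;
            }
            chain.doFilter(rq, rs);
            return;
        }
        if (path.equals(LOGIN_PAGE)) { // the login page must stay reachable
            chain.doFilter(rq, rs);
            return;
        }
        // Save GETs only, and only as a context-relative path, so the resume
        // redirect can never point outside this application.
        if ("GET".equals(req.getMethod())) {
            String qs = req.getQueryString();
            req.getSession(true).setAttribute(SAVED, qs == null ? path : path + "?" + qs);
        }
        res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
    }
}
```

Because the filter runs before the target resource is resolved, it treats servlet mappings, JSPs and static files alike, which is also why it cannot tell a 404 apart from a valid page at save time.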