1 Reply Latest reply on Apr 19, 2005 11:49 AM by starksm64

Intercept requests before JAAS kicks in?

t_kishore Apr 19, 2005 2:53 AM

I am using Jboss 4. I have configured to use the DatabaseServerLoginModule(Jboss ogin module) to do the authentication and authorisation. I have written a ServletFilter to intercept all the requests to my webapp. But I have noticed that requests from unauthenticated users to protected resources are not intercepted by my filter. The request gets redirected to the configured login page in my web.xml. But I want my Filter to be invoked before the request is redirected to login page. Is it possible to make this happen?

1. Re: Intercept requests before JAAS kicks in?

starksm64 Apr 19, 2005 11:49 AM (in response to t_kishore)

No. A custom authenticator or valve is required. Its an ambiguous aspect of the servlet spec as to whether filters should be engaged in authorization paths and currently tomcat treats filters as application level components that apply after the standard security checks.
Actions