4 Replies Latest reply on Oct 26, 2007 12:44 PM by Anil Saldanha

    Using valves to perform custom login based on http cookie

    Andre Neto Newbie


      I have a JAAS login module that authenticates a user based on an http cookie (we could say it asserts a previously authenticated user).
      My J2EE apps uses container-managed security with form-based authentication.
      As far as I understand, valves works pretty much like servlet filters, with the exception that they can intercept requests for container-protected resources.
      So I am guessing if its possible to use a valve to intercept a request, perform login based on a cookie and then let the request flow so the user is not asked for his username/password credentials.
      Yes, we can say this a form to achieve SSO.

      Any other approaches?

      Many thanks,