Servlet filter
From RavenWiki
Jump to navigationJump to search
The Raven-related software described on this page is NOT supported or maintained by University Information Services.
It is provided here in the hope that it may be useful, but it may contain bugs and security vulnerabilities. It may be supported and maintained by others. You should evaluate whether it meets you particular needs before using it.
Philip Shore ( pms52 at cam.ac.uk) has adapted William Billingsley's Tomcat Valve into a servlet filter which can therefore be used with any servlet container - i.e. not just Tomcat. He writes:
- I have taken the Valve code and pretty much used it as is. There are three differences:
- 1. Configuration is simplified.
- 2. Where the authenticated user name is fetched from. I have had to use a plain session attribute.
- 3. The way status codes are passed back to the Servlet container. Using the filter, you can now configure the error pages for each status code in the web.xml. The Valve code could easily be changed to do this too - it currently passed back a 500 for every error.
It is available in the ucam-webauth github project
The filter is distributed under the terms of the GNU Lesser General Public License.
See also Tomcat Valve, Tomcat authenticator and JAAS implementation and JAVA Servlet Library.