-
Correct: securityfilter was originally written to work with the Tomcat 4 Realms. In the intervening versions, changes within Tomcat have been made that break the interoperability between securityfilter and Tomcat's Realm implementations.
Even when the API is compatible (for instance, with Tomcat 5.0 or 5.5, I think), catalina.jar now has dependencies on the actual runtime instances of...
2009-09-29 20:37:36 UTC in SecurityFilter
-
Mats,
I don't believe anyone has done this, primarily because it would break compatibility with the servlet specification. sf uses PCRE's internally, so it should not be hard to add general regular expression capabilities to the URL matching code. Note that the next major version of sf is basically being re-written from scratch, along with the pattern-matching code. This will give me the...
2009-08-12 14:26:47 UTC in SecurityFilter
-
Mats,
For option #1, there is no need to recompile securityfilter. If you write a class called org.securityfilter.authenticator.BasicAuthenticator and put it in your WEB-INF/classes directory, it /should/ override the one in the sf JAR file.
A custom realm is not necessary as pivot points out: merely putting the Principal in the proper place in the session will cause sf to honor it. (This...
2009-08-10 20:04:54 UTC in SecurityFilter
-
Mats,
There is no option in securityfilter to skip the authentication step. You are free to use the code as you see fit, though: you could write your own filter that uses the code available in securityfilter to perform only authentication.
You could also adapt your existing filter to be an authentication Realm for securityfilter and use them together, instead of trying to split...
2009-08-09 22:02:52 UTC in SecurityFilter
-
Securityfilter does not support CAS or single-sign-on out of the box.
The only ways for a webapp to collect credentials are using HTTP authentication headers (WWW-Authenticate), using FORM values (such as j_username and j_password) or using a client SSL certificate.
Using sf with CAS for authentication isn't a big deal: you just need to write a Realm that can authenticate against your...
2009-07-05 14:16:40 UTC in SecurityFilter
-
So, what was your solution? IIRC, sf uses base64 encoding to encode the encrypted data, which should work just fine with cookie values (yes, '/' is one of the characters used for base64 output.
You might be running into this problem: http://cephas.net/blog/2008/11/18/tomcat-6018-version-1-cookies-acegi-remember-me-and-ie/
So, perhaps the solution is to simplify the data generated by sf by...
2009-06-19 21:52:33 UTC in SecurityFilter
-
I am one of the the project admins for securityfilter and I am unable to delete a mailing list post at the request of the poster (accidentally posted sensitive information).
I tried to click on the "minus sign" next to the post in order to exclude it from the mailing list and I got an error with a simple "Failed to insert message in to exclude list." error message.
The link I was...
2008-09-30 22:37:59 UTC in SourceForge.net
-
chris_schultz committed patchset 249 of module securityfilter to the SecurityFilter CVS repository, changing 1 files.
2008-04-18 13:08:03 UTC in SecurityFilter
-
chris_schultz committed revision 6 to the TestURLConnection SVN repository, changing 1 files.
2008-02-25 15:07:39 UTC in TestURLConnection
-
chris_schultz committed patchset 248 of module securityfilter to the SecurityFilter CVS repository, changing 8 files.
2007-11-07 17:22:38 UTC in SecurityFilter
