Authentication using a ServletFilter

Aug 22, 2010 at 11:14 PM

Hello Dominique,

1. I have copied your source (without the AD groups part, I do not need this at the moment) and created a Servlet Filter to authenticate within a web application.

If you like, I can give you the source so you could consider adding it to your codebase. Maybe it is of use for others.
The advantage of a Filter is that it is only dependent on the servlet API (except for the logging, but see below), so it could also be used in another servlet container.

2. It seems that the only difference between the versions for Tomcat 5.5 and Tomcat 6 is the logging.
If you would create and use your own (simple) logging classes, which e.g. delegate to the matching Tomcat logging classes,
you could have only one source code version: no need to recompile for tc55, no need to build (and provide) 2 different jar files.


Aug 27, 2010 at 12:17 PM
Edited Aug 27, 2010 at 12:25 PM

Hello Charly,

About the second point: You're right. It is very easy to find the version of Tomcat (org.apache.catalina.util.ServerInfo.getServerNumber()).

About the first point: If you open a new item on Issue Tracker, you can attach a file.

I wanted to use roles. Authorizations are defined in web.xml (Servlet specification). If you use a filter, you cannot use these definitions. Tomcat uses a Valve to get the information supplied by the user and a Realm to authenticate the user and create a principal with roles. If we do not use a Valve, we must rewrite the Realms. If you do not map Tomcat roles onto Windows groups, it is a real problem. You must add a solution for each realm (LDAP, JDBC, XML file, etc.).

Thank you for your comments.


Jan 5, 2011 at 3:10 PM



I am interested in that ServletFilter, how can I get it?

Thanks in advance.



Jan 6, 2011 at 12:50 AM


I have opened a new item on the issue tracker [workitem:6038] and have attached the source. Alexandre, you can download it there.

The filter (currently) does not support groups in AD. (In my webapps authorization is supported within the webapp without any dependency on AD groups.)

Dominique: If you like you can adjust the code and add it to your project.