Filters are attached to specific frames in order to filter accesses to their resource. These filters are called once at lookup time, and once at reply time. On the way in (lookup time), they allow you to manipulate the request before the target resource handles it, and on the way out, they allow you to manipulate the target's reply before it is emitted back to the browser.
Although Jigsaw provides a number of filters, we will focus here on the authentication filter, that authenticate requests before they are handled by their appropriate target resources. The GenericAuthFilter is currently the only available authentication filter.
The GenericAuthFilter needs an authentication realm. An authentication realm is a database that will contain the description of a set of users, along with their passwords and/or IP adresses.
Each user defines a set of attributes, email, comments, ipadress, password. The email address is currently unused (but it might be used in the future for email notification). The comments field is used only for informational purposes. The ipaddress field allows you to state from which machine the user is allowed to connect. This field is not mandatory: if left blank, only the password will be used for authentication (be warned that the password authentication scheme used by HTTP is very weak, you should always specify both a password and some IP addresses). If you decide to fill in the ipaddress field, you can enter multiple addresses for the same user (one per line). You can use * in the ip address field, meaning that any user connecting from the given set of IP addresses is to be authentified as the realm user.
Now you should read the tutorial to
$Id: AuthInJigsaw.html,v 1.3 1998/04/17 12:20:19 benoit Exp $