Reputation: 1423
creating a filter for second factor of authentication
I have a two factor based authentication server which i need to integrate to a existing web application
Existing application description:-
java JSP, servlet application
running on tomcat server 6.0
source code is not available
My twofactor solution provide following integrations:-
- web service which receive username and OTP returns "true " or "false"
- Has a OTP page which can be called from any website sending username,targetPage as parameter (credit card transaction type)
Problem statement
I need to integrate my two-factor(OTP verification ) to the existing application ,so that OTP is asked on every login and user has no way he can enter the application without OTP . I have heard about creating filters on the web server(of exiting application ) but It will allow intruder to use his OTP and the victim's password
- I cannot make changes to the existing application
- I have complete control on my two-factor application . ( i can modify and create more API's)
Upvotes: 1
Views: 859
Answers (1)
Reputation:
You could create a Tomcat valve which intercepts all requests and prompts for the OTP. This way if the user does not enter a valid OTP the request won't even make it to the webapp
Upvotes: 1
Related Questions
- Add authenticated user id by filter to java servlet
- Login filter java servlet
- Authentication Servlet Filter
- Authenticating the username, password by using filters in Java (contacting with database)
- Servlet jsp, authentication filters
- How to use servlet and jsp with authentication?
- Authentication filter to prevent user from going to login page if he is already logged in
- Tomcat SecurityFilter and Authorization
- How to check user authorized with filter
- Web Form based login in Java