You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andrei Tchijov <an...@tchijov.com> on 2007/06/07 17:33:20 UTC
Is it possible to introduce new authentication method without modifying tomcat?
Hi,
I want to be able to add my own authentication method (login-config/
auth-method) as one of possible choices. Is it possible to do so
without re-compiling tomcat? Ideally, I would love to be able to
achieve my goal by changing server.xml file (and adding some jars
with my custom code to tomcat).
Before any one suggested that I should write custom Realm: I think it
will not work for me. My authentication method require access to ALL
information available from HTTP Request (not just user name/password)
also in some situations, access to HTTP Response is required as well.
It looks like this method:
protected abstract boolean authenticate(Request request,Response
response,LoginConfig config) throws IOException;
or AuthenticatorBase class is the best place to be.
Your comments will be highly appreciated,
Andrei Tchijov
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Andrei Tchijov <an...@tchijov.com>.
sZabi,
Thnkx for response. I am actually already using similar approach.
It is easy to implement, but it has one problem (from my point of
view). It is not very "user friendly". It is much easier to explain
to end user that if he/she is using "FORM" as authentication method,
all he/she need to do to start use my authentication IN ADDITION to
FORM is replace "FORM" with "ACME-FORM" in web.xml file. I would love
to register one "ACME-xxx" authenticator for each of standard ones
so it does my special authentication + what ever standard one is doing.
Thnkx again,
Andrei Tchijov
On Jun 7, 2007, at 12:01 PM, Szabolcs Márton wrote:
> Hi!
>
> its an options, i use sometime.
> Create a filter.
>
> a class likes this.
> public class AuthenticationFilter implements Filter {
>
> private static Logger log = Logger.getLogger
> (AuthenticationFilter.class);
>
> public void doFilter(ServletRequest request, ServletResponse
> response, FilterChain chain)
> throws IOException, ServletException {
>
> ....
>
> add in web.xml this:
>
> <filter>
> <filter-name>myAuthfilter</filter-name>
> <filter-class>
> poker.web.filters.AuthenticationFilter
> </filter-class>
> <init-param>
> <param-name>LoginURL</param-name>
> <param-value>/login</param-value>
> </init-param>
>
> <init-param>
> <param-name>DeniedURL</param-name>
> <param-value>/denied.jsp</param-value>
> </init-param>
>
> </filter>
>
> <filter-mapping>
> <filter-name>myAuthfilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
>
> you can map a filter to an url-pattern, in this example everything.
> in the filter you have the request and response as well.
> you could create a response here, so its not get called the servlet,
> or anything you called, because the filter dont let.
> Or you can say to the filter to countine the processing, (when
> authenticated)
>
> read about this on google for details.
>
> i like this because its so simple, and so fast.
>
> regards,
> sZabi
>
>
>
>
>
> 2007/6/7, Andrei Tchijov <an...@tchijov.com>:
>> Hi,
>> I want to be able to add my own authentication method
>> (login-config/
>> auth-method) as one of possible choices. Is it possible to do so
>> without re-compiling tomcat? Ideally, I would love to be able to
>> achieve my goal by changing server.xml file (and adding some jars
>> with my custom code to tomcat).
>>
>> Before any one suggested that I should write custom Realm: I think it
>> will not work for me. My authentication method require access to ALL
>> information available from HTTP Request (not just user name/password)
>> also in some situations, access to HTTP Response is required as well.
>> It looks like this method:
>>
>> protected abstract boolean authenticate(Request
>> request,Response
>> response,LoginConfig config) throws IOException;
>>
>> or AuthenticatorBase class is the best place to be.
>>
>>
>> Your comments will be highly appreciated,
>>
>> Andrei Tchijov
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Szabolcs Márton <ma...@gmail.com>.
Hi!
its an options, i use sometime.
Create a filter.
a class likes this.
public class AuthenticationFilter implements Filter {
private static Logger log = Logger.getLogger(AuthenticationFilter.class);
public void doFilter(ServletRequest request, ServletResponse
response, FilterChain chain)
throws IOException, ServletException {
....
add in web.xml this:
<filter>
<filter-name>myAuthfilter</filter-name>
<filter-class>
poker.web.filters.AuthenticationFilter
</filter-class>
<init-param>
<param-name>LoginURL</param-name>
<param-value>/login</param-value>
</init-param>
<init-param>
<param-name>DeniedURL</param-name>
<param-value>/denied.jsp</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>myAuthfilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
you can map a filter to an url-pattern, in this example everything.
in the filter you have the request and response as well.
you could create a response here, so its not get called the servlet,
or anything you called, because the filter dont let.
Or you can say to the filter to countine the processing, (when authenticated)
read about this on google for details.
i like this because its so simple, and so fast.
regards,
sZabi
2007/6/7, Andrei Tchijov <an...@tchijov.com>:
> Hi,
> I want to be able to add my own authentication method (login-config/
> auth-method) as one of possible choices. Is it possible to do so
> without re-compiling tomcat? Ideally, I would love to be able to
> achieve my goal by changing server.xml file (and adding some jars
> with my custom code to tomcat).
>
> Before any one suggested that I should write custom Realm: I think it
> will not work for me. My authentication method require access to ALL
> information available from HTTP Request (not just user name/password)
> also in some situations, access to HTTP Response is required as well.
> It looks like this method:
>
> protected abstract boolean authenticate(Request request,Response
> response,LoginConfig config) throws IOException;
>
> or AuthenticatorBase class is the best place to be.
>
>
> Your comments will be highly appreciated,
>
> Andrei Tchijov
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without
modifying tomcat?
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrei,
Check out securityfilter (http://securityfilter.sourceforge.net). It
implements a filter as suggested by someone else, but it has been used
by others. Why reinvent the wheel?
There are two different interfaces that you can implement in order to do
your own authentication. One of these interfaces allows you to get the
whole HttpServletRequest object.
- -chris
Andrei Tchijov wrote:
> Hi,
> I want to be able to add my own authentication method
> (login-config/auth-method) as one of possible choices. Is it possible
> to do so without re-compiling tomcat? Ideally, I would love to be able
> to achieve my goal by changing server.xml file (and adding some jars
> with my custom code to tomcat).
>
> Before any one suggested that I should write custom Realm: I think it
> will not work for me. My authentication method require access to ALL
> information available from HTTP Request (not just user name/password)
> also in some situations, access to HTTP Response is required as well. It
> looks like this method:
>
> protected abstract boolean authenticate(Request request,Response
> response,LoginConfig config) throws IOException;
>
> or AuthenticatorBase class is the best place to be.
>
>
> Your comments will be highly appreciated,
>
> Andrei Tchijov
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGaK0E9CaO5/Lv0PARAtKvAJ90h8NFrIennqNNd8iIdjlYQ9Vr7QCfS/IW
q39ssFcASe8Vqahla2mqVIU=
=7CGy
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Bill Barker <wb...@wilshire.com>.
"Andrei Tchijov" <an...@tchijov.com> wrote in message
news:A1A3E81D-15B7-41B3-BE75-080BEF6C6CA2@tchijov.com...
> Bill,
> Tomcat will use my authenticator regardless of "login-config/auth-
> method" setting? If it is the case, how my Authenticator can figure- out
> what auth-method was configured (normally my authentication method will
> be used in-addition to what ever standard method has been used)?
> Thanks,
>
Yes, if you explicitly configure an Authenticator, Tomcat assumes that you
know what you are doing. You can query the LoginConfig from the Context to
get the method. Your Authenticator is responsible for whatever should be
configured on the Response in the event that authentication fails.
But from what you say, you may just want a plain Valve instead. If your
Valve sets the Principal on the Request, all of Tomcat's Authenticators will
assume that the user is logged in, and accept the request (assuming that the
roles match).
> Andrei
>
> On Jun 7, 2007, at 9:51 PM, Bill Barker wrote:
>
>>
>> "Andrei Tchijov" <an...@tchijov.com> wrote in message
>> news:96E0DEA3-0DFB-4AAC-B0B6-2A16D5896CB0@tchijov.com...
>>> I understand. My problem it twofold. In order to make an
>>> authentication
>>> decision ...
>>> - I need to have an access to some information from HTTP Request,
>>> - I need to be able build HTTP Response (basically, I need to be able
>>> to
>>> issue challenge in response to authentication request).
>>> As I stated in my original post, I think that right place to put this
>>> kind of functionality is authenticator. My original question was, if
>>> it
>>> is possible to register new Authenticator without re-compiling Tomcat.
>>>
>>>
>>
>> Yes, it is possible. You just create your own Authenticator class
>> (probably
>> extending Tomcat's AuthenticatorBase and implementing the authenticate
>> method). Then you do:
>> <Context ......>
>> <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
>> ....
>> </Context>
>> This will cause Tomcat to use your Authenticator instead of one of it's
>> own.
>>
>>> On Jun 7, 2007, at 5:06 PM, Caldarale, Charles R wrote:
>>>
>>>>> From: Andrei Tchijov [mailto:andrei@tchijov.com]
>>>>> Subject: Re: Is it possible to introduce new authentication
>>>>> method without modifying tomcat?
>>>>>
>>>>> I was just commenting that I can not see how JAASRealm
>>>>> (or any Realm for that matter) can help me
>>>>
>>>> Specifying JAASRealm as the <Realm> gives you the opportunity to
>>>> implement your own LoginModule. Such a LoginModule can utilize any
>>>> number of authentication mechanisms - all under your control.
>>>>
>>>> - Chuck
>>>>
>>>>
>>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
>>>> PROPRIETARY
>>>> MATERIAL and is thus for use only by the intended recipient. If you
>>>> received this in error, please contact the sender and delete the e-
>>>> mail
>>>> and its attachments from all computers.
>>>>
>>>> --------------------------------------------------------------------
>>>> -
>>>> To start a new topic, e-mail: users@tomcat.apache.org
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Andrei Tchijov <an...@tchijov.com>.
Bill,
Tomcat will use my authenticator regardless of "login-config/auth-
method" setting? If it is the case, how my Authenticator can figure-
out what auth-method was configured (normally my authentication
method will be used in-addition to what ever standard method has been
used)?
Thanks,
Andrei
On Jun 7, 2007, at 9:51 PM, Bill Barker wrote:
>
> "Andrei Tchijov" <an...@tchijov.com> wrote in message
> news:96E0DEA3-0DFB-4AAC-B0B6-2A16D5896CB0@tchijov.com...
>> I understand. My problem it twofold. In order to make an
>> authentication
>> decision ...
>> - I need to have an access to some information from HTTP Request,
>> - I need to be able build HTTP Response (basically, I need to be
>> able to
>> issue challenge in response to authentication request).
>> As I stated in my original post, I think that right place to put this
>> kind of functionality is authenticator. My original question was,
>> if it
>> is possible to register new Authenticator without re-compiling
>> Tomcat.
>>
>>
>
> Yes, it is possible. You just create your own Authenticator class
> (probably
> extending Tomcat's AuthenticatorBase and implementing the authenticate
> method). Then you do:
> <Context ......>
> <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
> ....
> </Context>
> This will cause Tomcat to use your Authenticator instead of one of
> it's own.
>
>> On Jun 7, 2007, at 5:06 PM, Caldarale, Charles R wrote:
>>
>>>> From: Andrei Tchijov [mailto:andrei@tchijov.com]
>>>> Subject: Re: Is it possible to introduce new authentication
>>>> method without modifying tomcat?
>>>>
>>>> I was just commenting that I can not see how JAASRealm
>>>> (or any Realm for that matter) can help me
>>>
>>> Specifying JAASRealm as the <Realm> gives you the opportunity to
>>> implement your own LoginModule. Such a LoginModule can utilize any
>>> number of authentication mechanisms - all under your control.
>>>
>>> - Chuck
>>>
>>>
>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
>>> PROPRIETARY
>>> MATERIAL and is thus for use only by the intended recipient. If you
>>> received this in error, please contact the sender and delete the
>>> e- mail
>>> and its attachments from all computers.
>>>
>>> --------------------------------------------------------------------
>>> -
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Bill Barker <wb...@wilshire.com>.
"Andrei Tchijov" <an...@tchijov.com> wrote in message
news:96E0DEA3-0DFB-4AAC-B0B6-2A16D5896CB0@tchijov.com...
>I understand. My problem it twofold. In order to make an authentication
>decision ...
> - I need to have an access to some information from HTTP Request,
> - I need to be able build HTTP Response (basically, I need to be able to
> issue challenge in response to authentication request).
> As I stated in my original post, I think that right place to put this
> kind of functionality is authenticator. My original question was, if it
> is possible to register new Authenticator without re-compiling Tomcat.
>
>
Yes, it is possible. You just create your own Authenticator class (probably
extending Tomcat's AuthenticatorBase and implementing the authenticate
method). Then you do:
<Context ......>
<Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
....
</Context>
This will cause Tomcat to use your Authenticator instead of one of it's own.
> On Jun 7, 2007, at 5:06 PM, Caldarale, Charles R wrote:
>
>>> From: Andrei Tchijov [mailto:andrei@tchijov.com]
>>> Subject: Re: Is it possible to introduce new authentication
>>> method without modifying tomcat?
>>>
>>> I was just commenting that I can not see how JAASRealm
>>> (or any Realm for that matter) can help me
>>
>> Specifying JAASRealm as the <Realm> gives you the opportunity to
>> implement your own LoginModule. Such a LoginModule can utilize any
>> number of authentication mechanisms - all under your control.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e- mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Is it possible to introduce new authentication method without modifying tomcat?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andrei Tchijov [mailto:andrei@tchijov.com]
> Subject: Re: Is it possible to introduce new authentication
> method without modifying tomcat?
>
> My problem it twofold. In order to make an
> authentication decision ...
> - I need to have an access to some information from HTTP Request,
> - I need to be able build HTTP Response
This may be doable with a filter to handle the multi-part authentication
negotiation. For an example of how that can be done in a Tomcat
environment, take a look at:
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
Although the above is specific to NTLM, the technique should work for
any mechanism that requires multiple messages for the authentication.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Andrei Tchijov <an...@tchijov.com>.
I understand. My problem it twofold. In order to make an
authentication decision ...
- I need to have an access to some information from HTTP Request,
- I need to be able build HTTP Response (basically, I need to be
able to issue challenge in response to authentication request).
As I stated in my original post, I think that right place to put this
kind of functionality is authenticator. My original question was, if
it is possible to register new Authenticator without re-compiling
Tomcat.
On Jun 7, 2007, at 5:06 PM, Caldarale, Charles R wrote:
>> From: Andrei Tchijov [mailto:andrei@tchijov.com]
>> Subject: Re: Is it possible to introduce new authentication
>> method without modifying tomcat?
>>
>> I was just commenting that I can not see how JAASRealm
>> (or any Realm for that matter) can help me
>
> Specifying JAASRealm as the <Realm> gives you the opportunity to
> implement your own LoginModule. Such a LoginModule can utilize any
> number of authentication mechanisms - all under your control.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-
> mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Is it possible to introduce new authentication method without modifying tomcat?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andrei Tchijov [mailto:andrei@tchijov.com]
> Subject: Re: Is it possible to introduce new authentication
> method without modifying tomcat?
>
> I was just commenting that I can not see how JAASRealm
> (or any Realm for that matter) can help me
Specifying JAASRealm as the <Realm> gives you the opportunity to
implement your own LoginModule. Such a LoginModule can utilize any
number of authentication mechanisms - all under your control.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Andrei Tchijov <an...@tchijov.com>.
I do appreciate that Realm "in general" should not be concern with
Request/Response. One of previous replies to my original question
suggested that I should look into JAASRealm for the solution to my
problem (which does require access to Request/Response). I was just
commenting that I can not see how JAASRealm (or any Realm for that
matter) can help me
Andrei
On Jun 7, 2007, at 4:47 PM, Caldarale, Charles R wrote:
>> From: Andrei Tchijov [mailto:andrei@tchijov.com]
>> Subject: Re: Is it possible to introduce new authentication
>> method without modifying tomcat?
>>
>> Nowhere in the code I can see any indication of how to get
>> to HTTP Request and HTTP Response from Realm code.
>
> Why would you want to do that? A Realm is utilized during
> authentication, which is triggered when a request attempts to access a
> controlled resource. Once authenticated, the user information is
> available through the Session object. No logic in the Realm should
> care
> about individual requests or responses.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-
> mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Is it possible to introduce new authentication method without modifying tomcat?
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Andrei Tchijov [mailto:andrei@tchijov.com]
> Subject: Re: Is it possible to introduce new authentication
> method without modifying tomcat?
>
> Nowhere in the code I can see any indication of how to get
> to HTTP Request and HTTP Response from Realm code.
Why would you want to do that? A Realm is utilized during
authentication, which is triggered when a request attempts to access a
controlled resource. Once authenticated, the user information is
available through the Session object. No logic in the Realm should care
about individual requests or responses.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without modifying tomcat?
Posted by Andrei Tchijov <an...@tchijov.com>.
I will be first to admin that I may be silly bugger, but I can not
see how JAASRealm can help me. Nowhere in the code I can see any
indication of how to get to HTTP Request and HTTP Response from Realm
code.
Please enlighten...
Andrei
On Jun 7, 2007, at 12:47 PM, Pid wrote:
> Andrei Tchijov wrote:
>> Hi,
>> I want to be able to add my own authentication method (login-
>> config/auth-method) as one of possible choices. Is it possible to
>> do so without re-compiling tomcat? Ideally, I would love to be
>> able to achieve my goal by changing server.xml file (and adding
>> some jars with my custom code to tomcat).
>> Before any one suggested that I should write custom Realm: I think
>> it will not work for me. My authentication method require access
>> to ALL information available from HTTP Request (not just user name/
>> password) also in some situations, access to HTTP Response is
>> required as well. It looks like this method:
>> protected abstract boolean authenticate(Request
>> request,Response response,LoginConfig config) throws IOException;
>> or AuthenticatorBase class is the best place to be.
>> Your comments will be highly appreciated,
>
> Have you looked into using a JAASRealm?
>
> p
>
>> Andrei Tchijov
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Is it possible to introduce new authentication method without
modifying tomcat?
Posted by Pid <p...@pidster.com>.
Andrei Tchijov wrote:
> Hi,
> I want to be able to add my own authentication method
> (login-config/auth-method) as one of possible choices. Is it possible
> to do so without re-compiling tomcat? Ideally, I would love to be able
> to achieve my goal by changing server.xml file (and adding some jars
> with my custom code to tomcat).
>
> Before any one suggested that I should write custom Realm: I think it
> will not work for me. My authentication method require access to ALL
> information available from HTTP Request (not just user name/password)
> also in some situations, access to HTTP Response is required as well. It
> looks like this method:
>
> protected abstract boolean authenticate(Request request,Response
> response,LoginConfig config) throws IOException;
>
> or AuthenticatorBase class is the best place to be.
>
>
> Your comments will be highly appreciated,
Have you looked into using a JAASRealm?
p
> Andrei Tchijov
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>