Accessing security credentials from a global valve.

[Luke Taylor <lu...@freesurf.ch>]

Hi,

I'm trying to write a Valve which can be used to automatically setup a 
security association with an external server (JBoss), using the security 
information from a Catalina realm. This necessitates getting access to 
the username and password used to authenticate the user making the request.

This used to be trivial in Tomcat 3.2 (a few lines of code) but seems 
more complicated, if not impossible in Tomcat 4, which doesn't appear to 
provide easy access to the information - I can't actually work out 
whether it caches the password at all in fact.

I've been looking at the code in AuthenticatorBase which appears to 
cache "notes" in the session object which could be used ??

However if I try and use these in a valve which is configured globally 
(not within a particular context) then there isn't a session available 
to access.

Can anyone tell me if this is possible and if so give some hints about 
how I could go about it.

cheers,

Luke.

-- 
  Luke Taylor.                                  Monkey Machine Ltd.
  PGP Key ID: 0x57E9523C                        http://www.mkeym.com




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>