You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Thomas Meyer <th...@m3y3r.de> on 2016/06/01 11:15:04 UTC
Custom Authenticator
Hi,
How do I get a custom mapping set in
ContextConfig.setCustomAuthenticators? (
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/startup/ContextConfig.html#setCustomAuthenticators(java.util.Map)
)
I want to add a custom mapping for lets say BEARER to a my Authenticator.
I searched the source code but nobody seems to call this method. So
how and where should this map be configured?
With kind regards
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Custom Authenticator
Posted by Thomas Meyer <th...@m3y3r.de>.
Am Mittwoch, den 01.06.2016, 09:29 -0400 schrieb Christopher Schultz:
> Thomas,
>
> On 6/1/16 7:15 AM, Thomas Meyer wrote:
> >
> > Hi,
> >
> > How do I get a custom mapping set in�
> > ContextConfig.setCustomAuthenticators? (�
> > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/st
> > art
> up/ContextConfig.html#setCustomAuthenticators(java.util.Map)
> >
> >
> >
> )
> >
> >
> > I want to add a custom mapping for lets say BEARER to a my
> > Authenticator. I searched the source code but nobody seems to call
> > this method. So how and where should this map be configured?
> Do you mean that you want to replace FORM or CLIENT-CERT in web.xml
> with BEARER and have it use your authenticator?
>
> Would you be okay if you just ignored the <auth-method> and installed
> your own authenticator? Because you can do that just by registering
> your CustomAuthenticatorValve in your valve chain for your
> application.
Hi,
I came up with this solution:
1.) use custom host implementation
in conf/server.xml in <Host> add
className="de.m3y3r.catalina.core.CustomStandardHost" attribute
2.) webapp's web.xml - add login-config
<login-config>
��<auth-method>BEARER</auth-method>
��<realm-name>OAuthRealm</realm-name>
</login-config>
Apply security-constraint as usual. use role "**" if you just want
authentication.
3.) in webapp's context.xml define a suitable realm
<Realm className="de.m3y3r.catalina.realm.OAuthIntrospectionRealm"
� � endpointIntrospection="https://localhost:8080/path/to/endpoint"
� � clientId="username"
� � clientSecret="password"/>
Code is here:�https://github.com/thomasmey/BearerTokenAuthenticator
Feedback is welcome.
with kind regard
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Custom Authenticator
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas,
On 6/1/16 7:15 AM, Thomas Meyer wrote:
> Hi,
>
> How do I get a custom mapping set in
> ContextConfig.setCustomAuthenticators? (
> https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/start
up/ContextConfig.html#setCustomAuthenticators(java.util.Map)
>
>
)
>
> I want to add a custom mapping for lets say BEARER to a my
> Authenticator. I searched the source code but nobody seems to call
> this method. So how and where should this map be configured?
Do you mean that you want to replace FORM or CLIENT-CERT in web.xml
with BEARER and have it use your authenticator?
Would you be okay if you just ignored the <auth-method> and installed
your own authenticator? Because you can do that just by registering
your CustomAuthenticatorValve in your valve chain for your application.
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAldO40AACgkQ9CaO5/Lv0PBKCwCgkPlnOXK1U01agZ152xdQrKbr
NKcAoMI1CZZUZf5cSVLvN4cZ75Ho5+qf
=njpx
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org