Custom Authenticator

[Thomas Meyer <th...@m3y3r.de>]

Hi,

How do I get a custom mapping set in  
ContextConfig.setCustomAuthenticators? (  
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/startup/ContextConfig.html#setCustomAuthenticators(java.util.Map)  
)

I want to add a custom mapping for lets say BEARER to a my Authenticator.
I searched the source code but nobody seems to call this method. So  
how and where should this map be configured?

With kind regards
Thomas


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Custom Authenticator

[Thomas Meyer <th...@m3y3r.de>]

Am Mittwoch, den 01.06.2016, 09:29 -0400 schrieb Christopher Schultz:
> Thomas,
> 
> On 6/1/16 7:15 AM, Thomas Meyer wrote:
> > 
> > Hi,
> > 
> > How do I get a custom mapping set in�
> > ContextConfig.setCustomAuthenticators? (�
> > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/st
> > art
> up/ContextConfig.html#setCustomAuthenticators(java.util.Map)
> > 
> > 
> > 
> )
> > 
> > 
> > I want to add a custom mapping for lets say BEARER to a my
> > Authenticator. I searched the source code but nobody seems to call
> > this method. So how and where should this map be configured?
> Do you mean that you want to replace FORM or CLIENT-CERT in web.xml
> with BEARER and have it use your authenticator?
> 
> Would you be okay if you just ignored the <auth-method> and installed
> your own authenticator? Because you can do that just by registering
> your CustomAuthenticatorValve in your valve chain for your
> application.


Hi,

I came up with this solution:

1.) use custom host implementation

in conf/server.xml in <Host> add
className="de.m3y3r.catalina.core.CustomStandardHost" attribute

2.) webapp's web.xml - add login-config

<login-config>
��<auth-method>BEARER</auth-method>
��<realm-name>OAuthRealm</realm-name>
</login-config>

Apply security-constraint as usual. use role "**" if you just want
authentication.

3.) in webapp's context.xml define a suitable realm

<Realm className="de.m3y3r.catalina.realm.OAuthIntrospectionRealm"
� � endpointIntrospection="https://localhost:8080/path/to/endpoint"
� � clientId="username"
� � clientSecret="password"/>

Code is here:�https://github.com/thomasmey/BearerTokenAuthenticator

Feedback is welcome.

with kind regard
Thomas


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Custom Authenticator

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas,

On 6/1/16 7:15 AM, Thomas Meyer wrote:
> Hi,
> 
> How do I get a custom mapping set in 
> ContextConfig.setCustomAuthenticators? ( 
> https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/start
up/ContextConfig.html#setCustomAuthenticators(java.util.Map)
>
> 
)
> 
> I want to add a custom mapping for lets say BEARER to a my
> Authenticator. I searched the source code but nobody seems to call
> this method. So how and where should this map be configured?

Do you mean that you want to replace FORM or CLIENT-CERT in web.xml
with BEARER and have it use your authenticator?

Would you be okay if you just ignored the <auth-method> and installed
your own authenticator? Because you can do that just by registering
your CustomAuthenticatorValve in your valve chain for your application.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldO40AACgkQ9CaO5/Lv0PBKCwCgkPlnOXK1U01agZ152xdQrKbr
NKcAoMI1CZZUZf5cSVLvN4cZ75Ho5+qf
=njpx
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org