You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Tim McLaughlin <ti...@macwebb.com> on 2002/07/30 01:00:17 UTC

Custom org.apache.catalina.authenticator

Hello,

The Question:
How do I specify a class other than
org.catalina.authenticator.BasicAuthenticator to handle Basic
authentication?




Background:
I have created a modification of
org.apache.catalina.authenticator.AuthenticatorBase, called
PerContextAuthenticatorBase, and have the accompanying BasicAuthenticator
class (PerContextBasicAuthenticator) that extends my new Base.  I would like
to use it rather than BasicAuthenticator.  I cannot seem to find where to do
that.

I am trying to set up a system where I can assign management of a particular
Web application to a specific user or group.  For this purpose I have made
my own version of the HTMLManagerServlet, called
HTMLPerContextManagerServlet.  The difference between mine is best
illustrated by an example URL:

    http://localhost/pc-manager/myServletName?command=reload
    -- instead of --
    http://localhost/manager/reload?path=/myServletName

This allows me to use the standard Realm setup to protect each path.
Unfortunately I need to have one line in the pc-manager servlet's web.xml
file for each context.  In the near future, I will have access to an LDAP
store with the user/group information, and I will be using that to
authenticate users, so I would rather customize the authenticator to take
advantage of our setup.  Basically the accessControl() method looks at some
store of group->appPath mappings, and if the app being managed
(myServletName in the example above) is in the list for the user attempting
a login, it returns true just as if the group in web.xml had been matched.
This lets me keep the authorized list out of the web.xml file.

I apologize for the length of the post.  Any help letting me know how to
specify a custom class to use instead of

Thanks,
Tim




--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Custom org.apache.catalina.authenticator

Posted by Tim McLaughlin <ti...@macwebb.com>.

On Monday, July 29, 2002, at 05:51 , Craig R. McClanahan wrote:

> On Mon, 29 Jul 2002, Tim McLaughlin wrote:
>
>> The Question:
>> How do I specify a class other than
>> org.catalina.authenticator.BasicAuthenticator to handle Basic
>> authentication?
>
> There is a properties file in the org.apache.catalina.authenticator
> package that defines the mapping of authentication method to classname.
> You would need to customize this file in
> $CATALINA_HOME/server/lib/catalina.jar.
>
> Or, an easier approach would be to copy your customized version of this
> file into the
> $CATALINA_HOME/server/classes/org/apache/catalina/authenticator 
> directory
> (which you'd have to create).  This works because the Catalina class
> loaders load from the "classes" directory before they load from 
> JAR files
> in the corresponding "lib" directory -- this works both for the server
> class loader (server/classes before server/lib), the common class 
> loader
> (common/classes before common/lib) and the webapp class loader
> (WEB-INF/classes before WEB-INF/lib).

The only properties file I found in 
src/share/org/apache/catalina/authenticator directory was for the 
LocalStrings translations.  However, the package.html file 
mentioned the 
src/share/org/apache/catalina/startup/Authenticators.properties 
file.

I have created a copy in $CATALINA_HOME/server/webapps/pc-
manager/WEB-
INF/classes/org/apache/catalina/startup/Authenticator.properties 
and specified my custom class, PerContextBasicAuthenticator for 
BASIC.

I then restarted tomcat, but the log shows that it is not using my 
class (debug=3), instead using the default class.  So I moved the 
new file to 
$CATALINA_HOME/server/classes/org/apache/catalina/startup/Authenticator.properties 
and then it works.

When I specify a class to handle BASIC authentication, do I have to 
do it server-wide, or can I do it on a per-context basis?

Thanks,
Tim

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Custom org.apache.catalina.authenticator

Posted by "Craig R. McClanahan" <cr...@apache.org>.

On Mon, 29 Jul 2002, Tim McLaughlin wrote:

> Date: Mon, 29 Jul 2002 16:00:17 -0700
> From: Tim McLaughlin <ti...@macwebb.com>
> Reply-To: Tomcat Users List <to...@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: Custom org.apache.catalina.authenticator
>
> Hello,
>
> The Question:
> How do I specify a class other than
> org.catalina.authenticator.BasicAuthenticator to handle Basic
> authentication?
>

There is a properties file in the org.apache.catalina.authenticator
package that defines the mapping of authentication method to classname.
You would need to customize this file in
$CATALINA_HOME/server/lib/catalina.jar.

Or, an easier approach would be to copy your customized version of this
file into the
$CATALINA_HOME/server/classes/org/apache/catalina/authenticator directory
(which you'd have to create).  This works because the Catalina class
loaders load from the "classes" directory before they load from JAR files
in the corresponding "lib" directory -- this works both for the server
class loader (server/classes before server/lib), the common class loader
(common/classes before common/lib) and the webapp class loader
(WEB-INF/classes before WEB-INF/lib).

Craig

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>