tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Cittadini" <>
Subject Realm design
Date Fri, 23 Mar 2001 02:41:16 GMT
I have a few questions about the Realm design:

a)                   How does a Realm find details of the Login Config for
the Context currently being authenticated?  When developing a Realm it may
be very useful to determine the authentication method used.  However, at the
moment the Realm is just told to authenticate.  The Realm may also be
attached to the "global" level and therefore have no idea which Context the
authentication request came from.   Seems to me that it would be useful for
the Realm to be able to determine the Login Config so that it can adjust any
authentication processes as required.
b)                   Why aren't CLIENT-CERT authentications passed onto the
registered Realm?  At the moment, Realms only see to be passed to process
BASIC authentication requests.  At the moment certificate requests are
processed by the automatically injected CertificateValve.  Why can't Realms
process CLIENT-CERT requests?

Thanks, David.

View raw message