tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony Bowesman <>
Subject Re: Session variables in TC 4.0.1 realms
Date Tue, 13 Nov 2001 08:36:39 GMT

> I'm going to develop an authentication realm (based on FORM 
> authentication) for TC 4.0.1 which performs a kind of
> challenge/response task: Put a challange into a session variable
> on the login page (.jsp). The expected password would then be the 
> encrypted challenge. Whithin my realm the decryption of the
> response and the verification against the stored session variable
> has to be performed. The problem is that the HTTP request is not
> accessible whithin TC 4.x realms. This was possible in TC 3.x.
> Is there any possibility to access a session variable in a TC 4.x
> custom realm? Thank you.

I came across the same problem in that the realm can only get the
username/password from a form page and no other parameters you may want
to use.  (We have other parameters the user can select at login to
indicate post login preferences).  Solution is to modify the Realm
interface o.a.c.Realm to add

    public Principal authenticate(String username, String credentials,
                                  HttpServletRequest hreq);

and modified o.a.c.realm.RealmBase 

    public Principal authenticate(String username, String credentials,
                                  HttpServletRequest hreq)
        return authenticate(username, credentials);

and then clone o.a.c.authenticator.FormAuthenticator so that it calls

    context.getRealm().authenticate(username, password, hreq);

Craig has relied to one of my earlier messages entitled 'Getting
HttpRequest inside Realm/Tomcat 4' and the reasons behind why it was not

You can use your own FormAuthenticator class by putting your class name
in the  You have to install
these 2 class files and properties files as classes in the
server/classes directory so they are loaded before the ones from the
catalina.jar in server/lib


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message