tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: help for a realm author
Date Sun, 02 Feb 2003 23:34:33 GMT

On Sun, 2 Feb 2003, Tony Dahbura wrote:

> Date: Sun, 02 Feb 2003 15:56:01 -0500
> From: Tony Dahbura <>
> Reply-To: Tomcat Developers List <>
> To: Tomcat Developers List <>
> Subject: help for a realm author
> Team:
> When tomcat is configured to support client side certificates for
> authentication-what method does it call in a realm package?

Have a look at the authenticate() method in
org.apache.catalina.authenticator.SSLAuthenticator, and you'll see that
Tomcat calls the Realm.authenticate() method that takes a certificate
chain as an argument.  If your Realm implementation subclasses RealmBase
and you don't override it, the version of this method in
org.apache.catalina.realm.RealmBase will get executed.

> For instance for form and uid/password authentication it calls the
> method
> public Principal authenticate(String username, String credentials)
> For a certificate based access model is there another method tomcat will
> call in the realm module?  I am trying to add certificate support to my
> realm module and do not see much info on this?
> I would assume that Tomcat would support calling into a realm module
> when client side certificates are enabled or is this handled differently
> and outside of  the domain of realm modules-please elaborate if so?

Note that none of the above actually happens unless the user tries to
access a webapp resource that is protected by a security constraint.

> I may start the document on how to build realm modules as it has been
> marked as a fixme for quite some time if the group thinks this would be
> helpful.

That would be a very useful document.

> Thanks for the assist on the above,
> Tony


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message