tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas Schenk <>
Subject MyFormAuthenticator
Date Wed, 27 Jul 2005 22:17:59 GMT

is it possible, to write other FormAuthenticators?

I am interested in a class MyFormAuthenticator that can be used instead of the 
FormAuthenticator shipped with tomact. The difference to FormAuthenticator 
would be small: instead of using the parameters j_username and j_password 
only, the corresponding form would contain a third parameter, e.g. j_xyz, 
which is then additionally used for authentication. That is, I would also 
need my own class MyRealm, that has a method with the signature 

Principal authenticate(String, String, String)

This additional authentication method (form based with three parameters, 
username, password and something else) should not contradict the servlet 2.4 
and j2ee 1.4 specs -- but I am no expert.

I am really new to tomcat, so I cannot judge whether there are problems that 
make this impossible or complicated to implement. The intention is, that 
MyFormAuthenticator can be specified in the Form Authenticator Valve and 
MyRealm in a Realm tag. Unfortunately the doc says, that this MUST not be 
done. Why?

Thanks for any answers,

Andreas Schenk

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message