tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 45283] Allow multiple authenticators to be added to pipeline
Date Fri, 27 Jun 2008 07:38:10 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=45283


Dr. Albrecht Weinert <albrecht@a-weinert.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |albrecht@a-weinert.de




--- Comment #4 from Dr. Albrecht Weinert <albrecht@a-weinert.de>  2008-06-27 00:38:09
PST ---
It seems that two things are discussed here in one plase:

 1  multiple authenitcators  (this is no comment to hereto) 
 2  realm chaining

2 is often quite necessary and not (yet?) done in Tomcat.

configurable realm chaining would be the real answer to
"What would be possible would be a realm that uses one method by default and
falls back to a second if the first fails."

Writing such realm is a workaround   as e.g. de.a_weinert.realm.ADweRealm
(l)
falls in this category.
It authenticates against an Active Directory using all direct and (multilevel)
indirect groups as roles. If the user is not in the AD (company member) it will
fall back to a simple LDAP/JNDI (for e.g. guest members).

Of course, en lieu of making ADweRealm falling back to a supplementary LDAP it
would be much better to have it being chained (by Tomcat config) to any next
realm.

URLs (javadoc, source, background):
http://www.a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.htm
http://www.a-weinert.de/java/docs/aWeinertBib/de/a_weinert/doc-files/ADweRealm.java
http://www.a-weinert.de/weinert/pub/tomcat-win-ad.pdf (German)


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message