tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 45283] Allow multiple authenticators to be added to pipeline
Date Fri, 27 Jun 2008 07:38:10 GMT

Dr. Albrecht Weinert <> changed:

           What    |Removed                     |Added
                 CC|                            |

--- Comment #4 from Dr. Albrecht Weinert <>  2008-06-27 00:38:09
PST ---
It seems that two things are discussed here in one plase:

 1  multiple authenitcators  (this is no comment to hereto) 
 2  realm chaining

2 is often quite necessary and not (yet?) done in Tomcat.

configurable realm chaining would be the real answer to
"What would be possible would be a realm that uses one method by default and
falls back to a second if the first fails."

Writing such realm is a workaround   as e.g. de.a_weinert.realm.ADweRealm
falls in this category.
It authenticates against an Active Directory using all direct and (multilevel)
indirect groups as roles. If the user is not in the AD (company member) it will
fall back to a simple LDAP/JNDI (for e.g. guest members).

Of course, en lieu of making ADweRealm falling back to a supplementary LDAP it
would be much better to have it being chained (by Tomcat config) to any next

URLs (javadoc, source, background): (German)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message