tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 45283] New: Allow multiple authenticators to be added to pipeline
Date Wed, 25 Jun 2008 23:05:40 GMT

           Summary: Allow multiple authenticators to be added to pipeline
           Product: Tomcat 6
           Version: 6.0.16
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Catalina

Apparently, the current approach (per the code in authenticatorConfig() method
of org.apache.catalina.startup.ContextConfig class) is to restrict only one
authenticator per pipeline.

While this may seem logical, practical requirements may want to add multiple
authenticators and the actual authentication may be handled by either one of
them or multiple of them, depending on the requirements.

For example, if you allow a certificate authenticator (say custom) and a BASIC
authenticator in the pipeline, the certificate authenticator may apply only for
certain URIs, and the BASIC authenticator may apply for some other URIs.

Another example is that - in a specific installation - both of them might apply
to any given request - meaning that the request has to have a good certificate
as well as a good username/password.

This philosophy can be seen similar to the philosophy of having multiple valves
in the pipeline.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message