To: tomcat-user@jakarta.apache.org
From: "Bill Barker"
Subject: Re: Can I chain authenticators?
Date: Tue, 17 Feb 2004 23:19:41 -0800

"Ryan Rhodes" wrote in message news:Law12-F75kLwxTQTYkW0001d3f7@hotmail.com...
> I have a portal project. I need to allow users to navigate seamlessly from
> the portal to a commercial product that's based on Tomcat 4.1 and uses Basic
> Authentication. To get around this, I hacked BasicAuthenticator and added
> some code to get the credentials from the request body:
>
> if( hreq.getMethod().toUpperCase().equals("POST") &&
>     hreq.getParameter("username") != null &&
>     hreq.getParameter("password") != null ) {
>     username = hreq.getParameter("username");
>     password = hreq.getParameter("password");
>
>     principal = context.getRealm().authenticate(username,password);
>     if (principal != null) {
>         register(request, response, principal,
>                  Constants.BASIC_METHOD,
>                  username, password);
>         return (true);
>     }
> }
>
> I read in the lists somewhere that if I add a custom Authenticator it will
> disable the Basic Authenticator. Can I separate this code out and chain the
> Authenticators together? What level should I configure the Valve at for the
> Authenticator?
>

It has to be configured at the Context level if it implements Authenticator.
The same is true for your code above, since the Context isn't known until
then.

For what you want, you could probably also use a non-Authenticator valve, and
call request.setUserPrincipal with the Principal that is returned by the
Realm. Then BasicAuthenticator will think that you are already authenticated,
and let you through.

> Incidentally, I tried like hell to do this with a Valve. It seems like no
> matter which container you put the Valve in the Basic Authenticator always
> runs first and causes the login dialog to pop up in the browser. It would be
> great if anyone could confirm this or explain the ordering of valves and
> authenticators to me a little better.
> Here is the code I used for the valve approach:
>
> if( req.getMethod().equals("POST") ) {
>     if( req.getParameter("username") != null && req.getParameter("password") != null ) {
>         String unencoded = req.getParameter("username") + ":" +
>             req.getParameter("password");
>         String encoded = new String(Base64.encode(unencoded.getBytes()));
>         HttpRequest hreq = (HttpRequest) request;
>         hreq.setMethod("GET");
>         hreq.addHeader("AUTHORIZATION", "BASIC " + encoded);
>         log("HTTP Basic Credentials: " + unencoded );
>     }
> }
>
> Thanks for any help,
>
> Ryan Rhodes
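
The approach suggested in the reply above (a non-Authenticator valve that calls request.setUserPrincipal with the Principal returned by the Realm), as an added example that is not part of the original thread. It assumes the Tomcat 4.1 Catalina valve API; the package and class name FormCredentialValve are hypothetical, and the valve is assumed to be configured on the Context so that it runs before BasicAuthenticator.

```java
// Added illustration, not code from the thread or from Tomcat itself.
// Package and class names are hypothetical; API is Tomcat 4.1 Catalina.
package example.valves;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Realm;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.ValveContext;
import org.apache.catalina.valves.ValveBase;

public class FormCredentialValve extends ValveBase {

    public void invoke(Request request, Response response, ValveContext context)
            throws IOException, ServletException {
        if (request instanceof HttpRequest
                && request.getRequest() instanceof HttpServletRequest) {
            HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
            // Only consider POST requests that carry no authenticated user yet.
            if ("POST".equalsIgnoreCase(hreq.getMethod())
                    && hreq.getUserPrincipal() == null) {
                String username = hreq.getParameter("username");
                String password = hreq.getParameter("password");
                // The Context's Realm is reachable because the valve lives on the Context.
                Realm realm = getContainer().getRealm();
                if (username != null && password != null && realm != null) {
                    // The Realm validates the credentials; null means rejected.
                    Principal principal = realm.authenticate(username, password);
                    if (principal != null) {
                        // BasicAuthenticator sees an existing principal and lets
                        // the request through without issuing a challenge.
                        HttpRequest catalinaReq = (HttpRequest) request;
                        catalinaReq.setUserPrincipal(principal);
                        catalinaReq.setAuthType(HttpServletRequest.BASIC_AUTH);
                    }
                    // On rejection nothing is set, so the normal Basic challenge
                    // follows. The credentials are never written to the log.
                }
            }
        }
        // Always hand the request on to the rest of the pipeline.
        context.invokeNext(request, response);
    }
}
```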