tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Toth <>
Subject Customizing BASIC authentication
Date Sat, 14 Aug 2004 03:21:48 GMT
Hi all,

I've been spending the last few hours reading about realms,
valves, authenticators and the like, and I'm totally confused.
I'm hoping if I describe my situation, someone can help me
cut through the fog.

I'm working on a simple web app that will feed custom RSS XML
to clients that must use basic authentication. In my application,
I need to do more than just look up users somewhere. Instead, the
login/password values returned via basic authentication headers will be used
in some fairly complex ways to both authenticate and then
construct the custom response.

What is the simplest way to customize basic authentication
in Tomcat 4? It seems that realms are not the way to go, since
they just handle authentication and have nothing to do with the
request/response. Valves/authenticators seem like overkill. Form
based authentication is not an option.

Can I have Tomcat manage basic authentication headers but pass
the login/password values to my code? And can I then have access
to that information in the servlet that creates the response?

Many thanks,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message