tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Böhringer Jochen <Jochen.Boehrin...@tcc-products.de>
Subject Re: Executing Valve before Basic Authentication takes place
Date Tue, 04 Jul 2006 15:25:05 GMT


>Again, put your valve in host, not context if you want it to be called 
>before authentification

Sorry I misunderstood your hint. Now I have this configuration (with Valve and Host element
on the same level):

[...]
<Valve className="de.tccproducts.valves.PenFrameworkAuthenticationValve" />
         
<Host name="localhost"
            autoDeploy="false" deployOnStartup="false" deployXML="false">
[...]

Now my valve is called before the response the authentication takes place. But adding the
Authorization header before the BasicAuthenticator is called does not prevent the BasicAuthenticator
from sending back a SC_UNAUTHORIZED.

I add the basic authentication header using this method in my valve:

request.addHeader("Authorization", "Basic am9jaGVuYjpqb2NoZW5i");

But if I have a look in the BasicAuthenticator implementation I can see, that the basic authenticator
reads the header's value using this code:

MessageBytes authorization = 
            request.getCoyoteRequest().getMimeHeaders()
            .getValue("authorization");

So I think the request object I modify does not reflect its changes to the CoyoteRequest the
BasicAuthenticator reads the values from. Is there a solution to modify the CoyoteRequest?

Regards
Jochen

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message