tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Böhringer Jochen <>
Subject Re: Executing Valve before Basic Authentication takes place
Date Tue, 04 Jul 2006 15:25:05 GMT

>Again, put your valve in host, not context if you want it to be called 
>before authentification

Sorry I misunderstood your hint. Now I have this configuration (with Valve and Host element
on the same level):

<Valve className="de.tccproducts.valves.PenFrameworkAuthenticationValve" />
<Host name="localhost"
            autoDeploy="false" deployOnStartup="false" deployXML="false">

Now my valve is called before the response the authentication takes place. But adding the
Authorization header before the BasicAuthenticator is called does not prevent the BasicAuthenticator
from sending back a SC_UNAUTHORIZED.

I add the basic authentication header using this method in my valve:

request.addHeader("Authorization", "Basic am9jaGVuYjpqb2NoZW5i");

But if I have a look in the BasicAuthenticator implementation I can see, that the basic authenticator
reads the header's value using this code:

MessageBytes authorization = 

So I think the request object I modify does not reflect its changes to the CoyoteRequest the
BasicAuthenticator reads the values from. Is there a solution to modify the CoyoteRequest?


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message