tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: How to force each session to authenticate
Date Wed, 06 Sep 2006 01:03:00 GMT
Elise Atkins wrote:
> I am using jboss and I trying to change the default caching behavior for
> username/passwords. I would like to force each session to reauthenticate.
> 
> The first time the user logs in, the my login module is called and it
> goes through login & commit as expected. The user's credentials are
> cached. The second time the user logs in (the user has not logged out
> from the first login but logs in using a different browser of a
> different machine). The cached credentials are used. I believe that a
> subclass of org.apache.catalina.realm.RealmBase is where the credentials
> are stored but I can't determine which subclass is used and how or where
> to specify a custom class that overrides the RealmBase.authenticate
> method. I am using form based login and see that
> org.apache.catalina.authenticator.FormAuthenticator is called. Where are
> all the default classes that are instantiated specified?


The authenticator, not the realm, controls this process. The relevant
classes for FORM authentication are:
http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/valves/ValveBase.java
http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/AuthenticatorBase.java
http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java

I haven't tested this but what should work is:
- add a form authenticator valve as per
http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html
- set an attribute on the valve called cache and set it equal to false

HTH,

Mark

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message