tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Stephens <>
Subject Tomcat Custom Authenticator
Date Fri, 14 Aug 2009 18:24:41 GMT
Need some help or advice..

For Security reasons,
  We need to do logging for IP,username, etc(AUDIT).
  We need to log success and failed attempts.
  We don't want to modify the internal classes(unless it's impossible).

  We are using the FORM auth-method, we POST to j_security_check. We have
our own custom realm that extends RealmBase. All that works fine. Until we
try and report back to the browser why the authentication failed, to many
attempts, account expired etc..

So my question is. Since the authentication occurs in the
Realm/FormAuthenticator, Has anyone been able to successfully extend this
class ( FormAuthenticator ), and implement this kind of concept? I have
found some examples online, but I have not been able to make them work.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message