tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Two auth methods for one application
Date Thu, 02 Feb 2012 15:00:14 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jan,

On 2/2/12 6:26 AM, Jan Vávra wrote:
> Is it possible to configure tomcat to call both variants of
> functions? I'd like to write something like
> <auth-method>CLIENT-CERT or BASIC</auth-method>.

The servlet spec doesn't support anything like this. I think what
you'll have to do is write your own Authenticator. You can configure
your own Authenticator by registering a <Valve> that is an
Authenticator in your webapp's <Context>. Just write your own code and
register it using <Valve>.

You can look at the documentation for, say, BasicAuthenticatorValve:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve

And you're going to want to extend AuthenticatorBase.

Tomcat has a "CombinedRealm" which allows authentication against one
of several sub-realms (like LDAP /or/ JDBC), but does not have a
CombinedAuthenticator, which might be a useful addition. If you come
up with something that works, consider donating it to the project.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8qpP4ACgkQ9CaO5/Lv0PA5sACghn/zNiYE2Ibcpb6VQNzduVtL
rl8An1pMRYD1k8NXHv+bPTIGZz4uFWcG
=bSq+
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message