tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Vávra <va...@602.cz>
Subject Re: Two auth methods for one application
Date Thu, 02 Feb 2012 16:05:11 GMT

> On 02/02/2012 15:00, Christopher Schultz wrote:
>> Jan,
>>
>> On 2/2/12 6:26 AM, Jan Vávra wrote:
>>> Is it possible to configure tomcat to call both variants of
>>> functions? I'd like to write something like
>>> <auth-method>CLIENT-CERT or BASIC</auth-method>.
>> The servlet spec doesn't support anything like this. I think what
>> you'll have to do is write your own Authenticator. You can configure
>> your own Authenticator by registering a<Valve>  that is an
>> Authenticator in your webapp's<Context>. Just write your own code and
>> register it using<Valve>.
>>
>> You can look at the documentation for, say, BasicAuthenticatorValve:
>> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve
>>
>> And you're going to want to extend AuthenticatorBase.
>>
>> Tomcat has a "CombinedRealm" which allows authentication against one
>> of several sub-realms (like LDAP /or/ JDBC), but does not have a
>> CombinedAuthenticator, which might be a useful addition. If you come
>> up with something that works, consider donating it to the project.
> Jan, are you trying to achieve something like:
>
>   http://wiki.apache.org/tomcat/SSLWithFORMFallback
>
> ?
>

I'm trying to do SSL or Basic auth. This is slightly different: SSL or 
Form auth.
How I'm thinking about that basic vs. form auth should be the only one 
difference.
I'll explore this.

Thanks.
Jan



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message