tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remon Sadikni <remon.sadi...@zmaw.de>
Subject Re: Two auth methods for one application
Date Thu, 09 Feb 2012 09:45:15 GMT
Hi Jan,

> The servlet spec doesn't support anything like this. I think what
> you'll have to do is write your own Authenticator. You can configure
> your own Authenticator by registering a<Valve>  that is an
> Authenticator in your webapp's<Context>. Just write your own code and
> register it using<Valve>.
>

I don't know if that helps: I recently had a similar problem and I 
solved it (also thanks to support of this mailing list) in Tomcat 6 
(also with apache and ajp) this way:

I wanted two different auth-mechanisms for two classes of users: One 
inside our network, the other one outside. The outside users have to 
login via Basic Auth, the others not (because of their IP-address).

I extended RequestFilterValve and overwrote the method process. If the 
IP address is one of the allowed ones, a UserPrincipal with a generell 
access is created, which logins the user automatically. If not, the user 
has to authenticate by username and password.

protected void process(String property,
                            Request request, Response response)
         throws IOException, ServletException {

         // Check the allow patterns, if any
         for (int i = 0; i < allows.length; i++) {
             if (allows[i].matcher(property).matches()) {
             	// create a principal for an existing fake user
             	final List<String> roles = new ArrayList<String>();
                 roles.add("USER_ROLE");
             	final Principal principal = new GenericPrincipal(null, 
"USER", "PASS", roles);
             	// set it in this request
             	request.setUserPrincipal(principal);
             }
         }
         // pass this request to the next valve (basic auth)
     	getNext().invoke(request, response);
     	return;
}

You have to use the new Valve in your context file and switch on Basic 
Auth in WEB-INF/web.xml of your webapp.

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/YOUR_WEBAPP">
   <Valve className="org.apache.catalina.valves.RemoteAddrOrAuthValve" 
allow="YOUR_IP_MASK"/>
</Context>

<security-constraint>
     <web-resource-collection>
       <web-resource-name>restrict by URL</web-resource-name>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
     </web-resource-collection>
     <auth-constraint>
       <role-name>USER_ROLE</role-name>
     </auth-constraint>
     <user-data-constraint>
       <transport-guarantee>NONE</transport-guarantee>
     </user-data-constraint>
</security-constraint>

Beste Regards,
Remon

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message