From: Johannes Michler
Date: Mon, 3 Oct 2016 15:20:55 +0200
Subject: Re: Fwd: No longer able to use my own org.apache.catalina.authenticator.BasicAuthenticator in Tomcat 8.5.5
To: Tomcat Users List

Hi Mark,

Thanks a lot for pointing that out. Indeed, I relied too much on the fact that I did not get any faults and didn't check that part.
I'll try with the renamed method tomorrow, but I'm quite sure that will solve the issue.

Regarding returning HTTP 403: you suggest doing that in our custom BasicAuthenticator as well, correct? But this would still require us to install a Tomcat-version-specific library globally, wouldn't it?

Br
Johannes

On 03.10.2016 15:01, "Mark Thomas" wrote:

On 01/10/2016 18:50, Johannes Michler wrote:
> Hi,
>
> for our own web-application we overwrite the standard way of how Tomcat
> BasicAuthenticator is working in order to avoid the popup of a
> "Basic-Auth-Dialog" in some situations (where we're calling a service
> provided by the tomcat over a script). Therefore our context.xml in the
> app looks as follows:
>
> <Context>
>   <Valve className="biz.horus.database.server.servletscript.HorusTomcatBasicAuthenticator" />
> </Context>
>
> HorusTomcatBasicAuthenticator is implemented as follows:
> public class HorusTomcatBasicAuthenticator extends BasicAuthenticator
>         implements Authenticator {
>
>     @Override
>     public boolean authenticate( Request request, HttpServletResponse response) throws IOException {
>         System.out.println( "XXXX start out");
>         boolean result = super.authenticate( request, response);
>         System.out.println( "XXXX authenticate: " + result);
>         modifyResponse( request, response);
>         return result;
>     }
>     private void modifyResponse( Request request, HttpServletResponse response) {
>         String url = request.getPathInfo();
>         System.out.println( "XX URL=" + url);
>         System.out.println( "XX Auth Header:" + response.getHeader( AUTH_HEADER_NAME));
>         if ( response.getHeader( AUTH_HEADER_NAME) != null && url.startsWith( "/rest"))
>             response.setHeader( AUTH_HEADER_NAME, "HCP_BASIC");
>     }
>
> }
>
>
> This is working great with Tomcat 8.0(.37). Though with Tomcat 8.5.5
> that code in "authenticate" is no longer called. Instead it seems that
> the "standard" BasicAuthenticator is being used.
>
> However if I entirely remove my jar-file that contains
> HorusTomcatBasicAuthenticator.jar from the tomcat/lib-folder I'm getting
> an error.
>
> Any ideas on that? I've looked into the tomcat 8.5 migration guide but
> could not find any hints on changed behaviour.

Whilst the Tomcat 8.5 internal API is broadly compatible with Tomcat 8.0
there have been many changes at the detail level and they are not binary
compatible. Developers of custom components that interact with Tomcat's
internals should review the JavaDoc for the relevant API.

-> http://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/authenticator/AuthenticatorBase.html
and http://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/authenticator/BasicAuthenticator.html

Of particular note will be changes related to authenticate() and
doAuthenticate().

> Also when comparing the
> Valve-Documentation of Tomcat 8.5 and 8.0 I do not see a difference.
>
> Or would it be better to address this with dev@tomcat.apache.org
> since it might as well be a bug?

No. The users list is the right place for this.

> Or is there a more elegant way to solve this problem to not reply with
> "WWW-Authenticate: Basic" if authentication is not successful?

Maybe just change the status code to 403?

Mark
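The change discussed above, sketched as an added example (not code from the thread or from the Tomcat project): the same authenticator with the override moved from authenticate() to doAuthenticate(), the method the reply points to in the Tomcat 8.5 JavaDoc, plus a null check on the path. The package and class names are hypothetical; the "/rest" prefix and the "HCP_BASIC" value are taken from the quoted code, and the class must be compiled against the catalina.jar of the Tomcat 8.5 release it runs in.

```java
package example.auth; // hypothetical package name

import java.io.IOException;

import javax.servlet.http.HttpServletResponse;

import org.apache.catalina.authenticator.BasicAuthenticator;
import org.apache.catalina.connector.Request;

/**
 * Tomcat 8.5 variant of the authenticator quoted in the thread
 * (hypothetical class name; illustration only).
 */
public class RestAwareBasicAuthenticator extends BasicAuthenticator {

    // Both values come from the code quoted in the thread.
    private static final String REST_PREFIX = "/rest";
    private static final String SCRIPT_SCHEME = "HCP_BASIC";

    // With @Override, a build against a Tomcat version that has no
    // doAuthenticate() fails at compile time rather than producing a
    // class whose custom logic is never invoked.
    @Override
    protected boolean doAuthenticate(Request request, HttpServletResponse response)
            throws IOException {
        boolean authenticated = super.doAuthenticate(request, response);
        if (!authenticated) {
            relabelChallenge(request, response);
        }
        return authenticated;
    }

    // Replace the challenge written by BasicAuthenticator for REST calls,
    // so a browser does not open its Basic-Auth dialog for script requests.
    private void relabelChallenge(Request request, HttpServletResponse response) {
        String pathInfo = request.getPathInfo(); // null when there is no extra path info
        boolean restCall = pathInfo != null && pathInfo.startsWith(REST_PREFIX);
        // AUTH_HEADER_NAME is inherited from AuthenticatorBase ("WWW-Authenticate").
        if (restCall && response.getHeader(AUTH_HEADER_NAME) != null) {
            response.setHeader(AUTH_HEADER_NAME, SCRIPT_SCHEME);
        }
    }
}
```

The response status set by the parent class is left untouched; only the scheme name in the challenge header changes for paths under /rest.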