tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: how to access HTTPServletRequest in RealmBase
Date Sat, 01 Apr 2017 13:59:25 GMT
2017-04-01 15:17 GMT+03:00 André Warnier (tomcat) <aw@ice-sa.com>:
>
> I was also wondering why Konstantin, in his response, mentioned that it was
> "by design" that the Realm has no access to the Request. Was that to avoid
> some kind of problem, or to match the Specs or something ?
>

Documentation says so. E.g.:
"A Realm is a "database" of usernames and passwords"
http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#What_is_a_Realm?


One design bit driven by the servlet spec is that an Authenticator
usually is not configured explicitly, but is created automatically,
mapping an <auth-method> onto a class name. See
Authenticators.properties file

https://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_13/java/org/apache/catalina/startup/Authenticators.properties?view=markup

The web application decides, what authentication protocol to use.

Realms are configured explicitly, and we have one by default.


In a few cases where I went with Tomcat authentication (instead of
usual Spring Security library)
and had special requirements (checks by IP, preauthentication)  I
implemented a Valve,
not even an Authenticator.
I am not proud of those, but they served a specific purpose. They were
inspired by SingleSignOn valve.


BTW, there are alternative technologies, JASPIC, JAAS, GSS (GSSContext
in SpnegoAuthenticator)
http://tomcat.apache.org/tomcat-8.5-doc/config/jaspic.html
http://tomcat.apache.org/tomcat-8.5-doc/config/realm.html#JAAS_Realm_-_org.apache.catalina.realm.JAASRealm

JASPIC has access to request & response..

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message