From: Konstantin Kolinko
Date: Sat, 1 Apr 2017 16:59:25 +0300
Subject: Re: how to access HTTPServletRequest in RealmBase
To: Tomcat Users List

2017-04-01 15:17 GMT+03:00 André Warnier (tomcat):
>
> I was also wondering why Konstantin, in his response, mentioned that it was
> "by design" that the Realm has no access to the Request. Was that to avoid
> some kind of problem, or to match the Specs or something ?
>

Documentation says so. E.g.:
"A Realm is a "database" of usernames and passwords"
http://tomcat.apache.org/tomcat-8.5-doc/realm-howto.html#What_is_a_Realm?

One design bit driven by the servlet spec is that an Authenticator
usually is not configured explicitly, but is created automatically,
mapping an onto a class name. See the Authenticators.properties file:
https://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_13/java/org/apache/catalina/startup/Authenticators.properties?view=markup

The web application decides what authentication protocol to use.

Realms are configured explicitly, and we have one by default.

In a few cases where I went with Tomcat authentication (instead of the
usual Spring Security library) and had special requirements (checks by
IP, preauthentication) I implemented a Valve, not even an
Authenticator. I am not proud of those, but they served a specific
purpose. They were inspired by the SingleSignOn valve.

BTW, there are alternative technologies: JASPIC, JAAS, GSS (GSSContext
in SpnegoAuthenticator).
http://tomcat.apache.org/tomcat-8.5-doc/config/jaspic.html
http://tomcat.apache.org/tomcat-8.5-doc/config/realm.html#JAAS_Realm_-_org.apache.catalina.realm.JAASRealm

JASPIC has access to request & response.
Best regards,
Konstantin Kolinko
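
The Valve approach mentioned in the message above, as an added example that is not code from this thread or from Tomcat itself: a Valve sees the request, so it can combine an IP check with preauthentication, which a Realm cannot do. It assumes Tomcat 8.5 (javax.servlet); the class name, the trustedProxies attribute, the X-Preauth-User header and the "user" role are hypothetical.

```java
// Added example (not from the thread). Assumes Tomcat 8.5 / javax.servlet.
// TrustedProxyPreAuthValve, trustedProxies, X-Preauth-User and the "user"
// role are hypothetical names chosen for illustration.
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;

public class TrustedProxyPreAuthValve extends ValveBase {
    private static final String USER_HEADER = "X-Preauth-User";
    private volatile Set<String> trustedProxies = Collections.emptySet();

    // Populated from the Valve element, e.g. trustedProxies="10.0.0.5,10.0.0.6"
    public void setTrustedProxies(String csv) {
        Set<String> parsed = new HashSet<>();
        for (String addr : csv.split(",")) {
            if (!addr.trim().isEmpty()) {
                parsed.add(addr.trim());
            }
        }
        trustedProxies = parsed;
    }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        String user = request.getHeader(USER_HEADER);
        if (user != null) {
            // The identity header is only meaningful when the direct peer is
            // an allowlisted proxy; from any other address it is refused.
            if (!trustedProxies.contains(request.getRemoteAddr())) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            if (!user.isEmpty() && request.getUserPrincipal() == null) {
                // Set the principal on the request, as the SingleSignOn valve
                // does for a cached login. The role list is a constructed sample.
                request.setUserPrincipal(new GenericPrincipal(
                        user, null, Collections.singletonList("user")));
                request.setAuthType("PREAUTH");
            }
        }
        getNext().invoke(request, response);
    }
}
```

If a RemoteIpValve runs earlier in the pipeline, getRemoteAddr() returns the address it derived from forwarding headers rather than the direct peer, so the allowlist has to be chosen with that in mind.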