context/valve to the host definition in server.xml, to the
/conf/context.xml, to the Catalina default-context.xml or does it
matter? Sorry I'm not getting it. I've been with TC for many years.
But this is an area I've never dealt with until now.
Yep, just add a to your META-
Authorization header with the word
Basic, it will route to the standard BasicAuthenticator class.
If that's been configured, yes.
What would I do in order to tell TC if it finds an auth header with
the word "Malcolm" as the prefix instead of "Basic" that it should
er to tell TC if it finds an auth header with the
word "Malcolm" as the prefix instead of "Basic" that it should route to
my custom Authenticator class?
You'd have to install your own Authenticator (a Valve) in your
. markt posted how to do this on 10/2 in this thread.
ed header. I assume that if TC finds an Authorization header with
the word Basic, it will route to the standard BasicAuthenticator class.
What would I do in order to tell TC if it finds an auth header with the
word "Malcolm" as the prefix instead of "Basic" that it should route to
n: Basic [base64stuff]
Using "Bearer" might be a better choice, though that is also covered
by a specific RFC and might be confusing to overload that token
("Bearer") for another purpose.
You could just do:
Authorization: Malcolms [token]
If you are going to write a cust
by a specific RFC and might be confusing to overload that token
("Bearer") for another purpose.
You could just do:
Authorization: Malcolms [token]
If you are going to write a custom authenticator, anyway. You'll need
to have a custom client, of course, but you will already
with it.
This is a very good point.
Instead of:
Authorization: Basic [base64stuff]
Using "Bearer" might be a better choice, though that is also covered
by a specific RFC and might be confusing to overload that token
("Bearer") for another purpose.
You could just do:
A
t is also covered
by a specific RFC and might be confusing to overload that token
("Bearer") for another purpose.
You could just do:
Authorization: Malcolms [token]
If you are going to write a custom authenticator, anyway. You'll need
to have a custom client, of course, but you will alread
a better choice, though that is also covered by
a specific RFC and might be confusing to overload that token ("Bearer")
for another purpose.
You could just do:
Authorization: Malcolms [token]
If you are going to write a custom authenticator, anyway. You'll need to
have a cus
Am 2021-10-02 um 02:48 schrieb Jerry Malcolm:
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google for
info. I found one post where the answer included the statement:
This would clearly violate Basic auth scheme and
Jerry,
On 10/1/21 20:48, Jerry Malcolm wrote:
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google for
info. I found one post where the answer included the statement:
"Extending from AuthenticatorBase is a great ide
On 02/10/2021 01:48, Jerry Malcolm wrote:
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google for
info. I found one post where the answer included the statement:
"Extending from AuthenticatorBase is a great idea, an
I need to write a custom BasicAuthenticator class to decode a
specialized encoding of the authToken. I have been scouring google for
info. I found one post where the answer included the statement:
"Extending from AuthenticatorBase is a great idea, and you can avoid
Tomcat's standard authenti
s there an more easy solution to add
a custom authenticator scheme to a Context/context.xml?
Mfgthomas
---
--To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.orgFor
additional commands, e-mail: users-h...@tomcat.apache.org
Am 6. Juli 2020 14:14:59 MESZ schrieb Mark Thomas :
>On 04/07/2020 19:54, Thomas Meyer wrote:
>> Hi,
>>
>> a while ago I did write a little POC of how to add a custom
>> authenticator scheme to tomcat.
>>
>> this is what I did come u
On 04/07/2020 19:54, Thomas Meyer wrote:
> Hi,
>
> a while ago I did write a little POC of how to add a custom
> authenticator scheme to tomcat.
>
> this is what I did come up with:
> https://github.com/thomasmey/BearerTokenAuthenticator
>
> It's rather complica
Hi,
a while ago I did write a little POC of how to add a custom
authenticator scheme to tomcat.
this is what I did come up with:
https://github.com/thomasmey/BearerTokenAuthenticator
It's rather complicated solution!
Is there an more easy solution to add a custom authenticator scheme
Am Mittwoch, den 01.06.2016, 09:29 -0400 schrieb Christopher Schultz:
> Thomas,
>
> On 6/1/16 7:15 AM, Thomas Meyer wrote:
> >
> > Hi,
> >
> > How do I get a custom mapping set in
> > ContextConfig.setCustomAuthenticators? (
> > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas,
On 6/1/16 7:15 AM, Thomas Meyer wrote:
> Hi,
>
> How do I get a custom mapping set in
> ContextConfig.setCustomAuthenticators? (
> https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/start
up/ContextConfig.html#setCustomAuthent
Hi,
How do I get a custom mapping set in
ContextConfig.setCustomAuthenticators? (
https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/startup/ContextConfig.html#setCustomAuthenticators(java.util.Map)
)
I want to add a custom mapping for lets say BEARER to a my Authenticator.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel,
On 8/14/2009 2:24 PM, Daniel Stephens wrote:
> For Security reasons,
> We need to do logging for IP,username, etc(AUDIT).
> We need to log success and failed attempts.
> We don't want to modify the internal classes(unless it's impossible
Daniel Stephens wrote:
> Need some help or advice..
>
> For Security reasons,
> We need to do logging for IP,username, etc(AUDIT).
> We need to log success and failed attempts.
> We don't want to modify the internal classes(unless it's impossible).
>
> We are using the FORM auth-method, w
Need some help or advice..
For Security reasons,
We need to do logging for IP,username, etc(AUDIT).
We need to log success and failed attempts.
We don't want to modify the internal classes(unless it's impossible).
We are using the FORM auth-method, we POST to j_security_check. We have
our
This is why it is rare to write a custom Authenticator. More often you
write a custom Realm to do this sort of thing. You only need an
Authenticator if you have some non-standard way of extracting the user
credentials from the Request.
The problem with the code below is that it doesn't
Hi,
I need help to write my own custom Authenticator.
I wrote my own Authenticator and it's very simple and following is the
code:
public class SampleAuthenticator extends AuthenticatorBase {
public boolean authenticate(Request request,Response
response,LoginC
t.apache.org
> | Subject: Custom Authenticator
> |
> |
> | Hi,
> | I need to implement my custom authenticator to do some extra
> | comfig i user session beside the authentication. How can I
> | achive this? Is there a way to do authentication besides
> | rigid j_check_security?
&
@tomcat.apache.org
| Subject: Custom Authenticator
|
|
| Hi,
| I need to implement my custom authenticator to do some extra
| comfig i user session beside the authentication. How can I
| achive this? Is there a way to do authentication besides
| rigid j_check_security?
|
| --
| from debian manifesto
Hi,
Is it possible to have a custom Authenticator in tomcat 4.1? I can't find
any information about it, only for 5x. I have tried configuring a
WEB-INF/context.xml with a valve referencing my authenticator class, works
well in tomcat 5.5, but not in 4.1 (which is currently the version w
Have You thought about a request filter? All it has to do is watch for
authenticated sessions that are missing some critical session
attributes. Fill in the missing info as needed.
-David
Arash Bijanzadeh wrote:
Hi,
I need to implement my custom authenticator to do some extra comfig i user
Hi,
I need to implement my custom authenticator to do some extra comfig i user
session beside the authentication. How can I achive this? Is there a way to
do authentication besides rigid j_check_security?
--
from debian manifesto:
Debian Linux is a brand-new kind of Linux distribution.
Rather
30 matches
Mail list logo
