Do it in a request filter and don't implement a realm in Tomcat. You're looking for something like (all in a filter):

//request and response are the doFilter arguments cast to HttpServletRequest / HttpServletResponse
//Check for a basic auth header with actual user/pass info (sent in the Authorization header)
String auth = request.getHeader("Authorization");
if ((auth == null) || (auth.length() <= 6)) {
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setHeader("WWW-Authenticate", "BASIC realm=\"My realm\"");
    return; //stop here so the request is not passed down the chain
}

//Decode the auth header (skip the leading "Basic "); decodeBase64 returns the raw bytes
String authInfo = new String(Base64.decodeBase64(auth.substring(6).getBytes()));
String user = authInfo.substring(0, authInfo.indexOf(':'));
String password = authInfo.substring(authInfo.indexOf(':') + 1);

//Check the password by calling your own code. Wrap the request in your own HttpServletRequestWrapper and pass it on

The Base64 class is from the commons-codec project.

--David

Johan Haleby wrote:
Hi!

I've implemented a simple custom realm that I use in Tomcat 5.0.28. But
instead of doing the authentication in the authenticate method in my realm
I'd like the actual authentication to be conducted by another servlet that
takes username and password as parameters. So basically what I'd like to do
is just to pass the username and password entered by the user when the
"login popup window" (http basic authentication) pops up to the
authentication servlet by redirecting the user to that URL with those
parameters. My realm should always accept the username/password since the
actual authentication takes place somewhere else. Is this possible, and in
that case where do I start?

Thanks in advance,
Johan



--
David Smith
Network Operations Supervisor
Department of Entomology
Cornell University
2132 Comstock Hall
Ithaca, NY 14853
Phone: (607) 255-9571
Fax: (607) 255-0940
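
The header check and decode step from the reply above, as an added example that is not part of the original thread: it returns null for every input the filter should answer with 401 (missing header, non-Basic scheme, invalid Base64, no colon) and splits on the first colon so passwords containing colons survive. The class and method names (BasicAuthHeader, parse, b64), the use of java.util.Base64 in place of commons-codec, the UTF-8 charset and the rejection of empty user names are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthHeader {

    /**
     * Returns {user, password} from an Authorization header value, or null
     * when the filter should answer 401 instead of continuing.
     */
    static String[] parse(String header) {
        // Scheme names are case-insensitive, so match "Basic " without regard to case.
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64: reject rather than throw out of the filter
        }
        // Charset is an assumption of this example; clients differ on non-ASCII credentials.
        String authInfo = new String(raw, StandardCharsets.UTF_8);
        // Split on the FIRST colon only: the user name cannot contain one, the password can.
        int colon = authInfo.indexOf(':');
        if (colon < 1) {
            return null; // no separator, or an empty user name (policy choice of this example)
        }
        return new String[] { authInfo.substring(0, colon), authInfo.substring(colon + 1) };
    }

    // Helper for building the constructed sample headers below.
    static String b64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample headers, not taken from the thread.
        String[] samples = {
            "Basic " + b64("johan:secret"), "basic " + b64("johan:pa:ss:word"),
            "Basic " + b64("nocolon"), "Basic !!!not-base64!!!",
            "Digest username=\"johan\"", null
        };
        for (String h : samples) {
            String[] c = parse(h);
            // Print only the password length so credentials never reach a log.
            System.out.println(h + " -> "
                + (c == null ? "401" : "user=" + c[0] + " passwordLength=" + c[1].length()));
        }
    }
}
```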

