-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 5/20/14, 4:28 AM, Mark Thomas wrote: > On 20/05/2014 09:11, Jan Vávra wrote: >> Hello. >> >> I write my own realm implementation for Tomcat 7.x. In the >> method Principal authenticate(X509Certificate[] certs) I'd like >> to read request headers. My authentication would be based on >> client certificate + custom http request value. Is it possible? > > In Tomcat, the Authenticator is responsible for gathering the > credentials. This often requires interaction with the Request and > related objects. > > The Realm is responsible for validating credentials. Therefore the > Realm does not need access to the Request and related objects. This is something that securityfilter supports using a sub-interface of the Realm (analog) interface that has the ability to access the request directly. It's a bad architecture, but very useful for doing things such as recording login failures and their source IP addresses, etc. Is there some way that additional information (e.g. source IP address) could be provided to the Realm for things such as this? It's one of the reasons we still use sf instead of Tomcat's built-in realms. (Another is the lack of decent password-checking algorithms, but I'm working on that: https://issues.apache.org/bugzilla/show_bug.cgi?id=56403). Thanks, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTe3omAAoJEBzwKT+lPKRY8U0P/RkUu4Ov1cHSGIFwBCWcXKhr Rx5DRmgtDWFIffQooc94bsABayjh0mGNNLQhrZ8PPnsPVZdtPVgr4ygMon1jOreL UM6MtMvhpNsLVBaBp76YG5Gq1NXydxSg78pzY7seFhSm4fTetmADt1DxZUwe2oCP Hp0JJjCMq9ldKJClCNl0wCgdDSS9NBb2HBrk/NXsN62Rd089ONjfIqqTl+iIaAVR Fx5a8QqxpfrevVb+UEBvlOU8uMFvBkAGhY3gniN7NuKdBp11IYvRnueLjARXg+Je yrBYrx7ZgI5OPz0s8o3jCysUe7EAscYq8OCnocWmlqhgVobFhpMgH9UT1zVBVKRP 2t0gN9MOnojYAY5pv0efT2ld9a0EAu8VdkOTpFCBpd5h6Wu89yEz4Z1EO0Vej1GP SXfX5gsPAIGZW1AcuIUPm3Em/iiVXvYltexJjvSBG/kxWwrDSFL8fn1fCV0z1gWG iY2/moj1ANSuuRaBvHUynodw/+GAVROleR94U22UNPn1XXP/D6TJV5De9NmOG65B pOLJaFajiOtRq1LSZGuI2UGOYp4ndRjcZob94U+DSTKJ+u7szlnrGmb6b6N6hC8l ARIBLo7OxUtAqQXtdSNHfjo1YKLufPBaRDY62jxDhOypyyDkELv1sOPpV9hku0T+ MrXUt6BiNM0Ej5RBguIx =7ubz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
