-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Neeraj,
On 6/24/14, 1:09 PM, Neeraj Sinha wrote: > I am using form based authentication (tomcat 7.0.34) and I have > the implementation of custom realm class which extends RealmBase > class. You need to upgrade. There are security updates classified as "important" since your version. > Inside the getPrincipal() method implementation, I am calling > backend service to save some login details. I need to pass host > name to backend (I have 2 applications running under different > hosts connected to same DB, so to know the login source of user). > Hosts are configured in server.xml. This is not possible using the realms implemented in Tomcat. You can do this using securityfilter[1] (which is one of the only reasons left to use sf over Servlet 3.0 authentication) but you'd have to extensively-hack Tomcat to do it through Tomcat itself. - -chris [1] http://securityfilter.sourceforge.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTqdFlAAoJEBzwKT+lPKRY32gQAJ3YNAX1MWkmH92UVDXeLjWh fPiTl3mvpIup1kUekZ+HleoNAYnv/gZlmgmol0DV9AbaKcOfxnoz4jEfwvXSfkNx b8zXyGlJdnncV5cx1pd1i7aiN9vi3VZHhpxJOUXCGZngxwNJpQFeyxuSK1Nmw8Ww NtJhPMPyazTpdslgepX04Q+hmfGzAZ1CW8dB0PcZ7EVveZ0NsouvUxDK6gHVPV2j aqF3ub5r+WRiw7eXPFMr7l2RVdyUzS3on77zWpTHBm6h1O8eDAtFS/+gWM5af1gP ywxApjQ4RjR/dtHc/a6WJenoRSa0rlpdwnikHaWZHpbVCOhtu/I48xsoJ9/Xt5k5 /Lb3+1POGpqBrOfBZK4XgdlqMWmuABCxHvlr0/Bv+FjQ1vvPLN4ZfGQSNex9kkrq XaoqZLzKUK/e6GbaueOyNQbtAUcuLsiUnYPB5+kt1A+U3xwXQvWUFNWQpI6nCLnV o85xhNF166fJfO9KxDn4rYwuJ0A7PNvPJbDas3m5Q2x0af4+ClkNZBfIUwPClwKw Ka1U+63IiU7SexN0J9od4u5Q/GiyZjxgL6+F+KTE7aHooab3f4ikKBhXxfNNzJ3X YTbBtJH25Gczoh/HGOBS5e9fTH49Y6ehPlEpZFykXmBho/z9Qk+SIHQ9x9n1D9Nb UGArX1fhMM7GCprF4mYD =3yb4 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
