On 25/06/2014 15:35, Christopher Schultz wrote: > Konstantin, > > On 6/25/14, 5:23 AM, Konstantin Kolinko wrote: >> 2014-06-24 21:09 GMT+04:00 Neeraj Sinha >> <neerajsinha....@gmail.com>: >>> I am using form based authentication (tomcat 7.0.34) and I >>> have the implementation of custom realm class which extends >>> RealmBase class. Inside the getPrincipal() method >>> implementation, I am calling backend service to save some login >>> details. I need to pass host name to backend (I have 2 >>> applications running under different hosts connected to same >>> DB, so to know the login source of user). Hosts are configured >>> in server.xml. >>> >>> Any help/links/URL much appreciated. > >> A Realm is just a DAO class used by Authenticator valves. The >> idea is that a Realm can be shared between web applications (by >> placing it at the Host or Engine level). If you want access to >> the request, you should implement an Authenticator. > >> There have been some discussions on changing APIs of >> Authenticators and Realms to be more friendly for extension, but >> nobody came up with a specific idea. > > I have some code laying around for extending RealmBase to allow > changes to the password-derivation algorithm, but it wouldn't > change the public API of the Realm class in a way that wasn't > backward-compatible. > > Changing Realm to include additional information (i.e. the > request) would break that API. I can't imagine we'd change that API > for Tomcat 7 and it's getting pretty late for Tomcat 8 (8.0.9 was > just voted "stable").
See the release notes for which APIs may change and how. For Realm, we can add new methods and deprecate existing ones but we can't change or remove existing methods. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
