Arno,

On 7/21/15 10:05 AM, Arno wrote:
> Felix Schumacher <felix.schumacher <at> internetallee.de> writes:
>> I think tomcat will always inject a realm into the host when it
>> finds none. But that realm should not interfere
>> with your requests to your webapp.
> 
> You are right, and I see that I have misinterpreted my debugger
> sessions. Our realm contains an additional class that contains the
> access methods to our server against which we have to authenticate. So
> the realm does a lot of things that are not necessary on the
> webserver side at the moment. So I have now written my own small
> method, which only does the authentication, and everything was OK
> afterwards.
> 
> By the way, what I haven't really understood is how and when this
> realm is called after a request has reached the connector. What I
> also didn't understand is what actions or what content of the
> request triggers the realm to do anything.

Accessing a protected resource triggers an authorization check, which
also requires authentication. Some realms cache authentication
information while others do not. The authenticator is a Valve which
uses the Realm to perform the authentication and gather authorization
information (e.g. roles). If the user isn't authenticated, then they
are challenged for credentials (login form, SSL client certificate,
HTTP BASIC/DIGEST auth, etc.) and the credentials they provide are then
fed back into the realm to authenticate the user. Then the roles are
checked for authorization.

> Perhaps you have a hint or a link for me, where I can see what
> control flow a request has before it arrives at my first filter. I
> haven't found the right documents for this until now.

The Filter stage is too late, because all of this is done in Valves
before any webapp-specific code is invoked.

-chris
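
The flow described in the reply above, as a simplified model added for illustration; it is not Tomcat code and not from either poster. The function names, the sample users and the single `/admin/` constraint are constructed assumptions.

```python
# Simplified model of "authenticator Valve -> Realm -> Filter -> servlet".
# Illustration only: none of these names are Tomcat APIs.
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: users (password, roles) and one security constraint.
USERS = {"alice": ("s3cret", {"admin"}), "bob": ("hunter2", {"user"})}
CONSTRAINTS = {"/admin/": {"admin"}}  # URL prefix -> roles allowed

@dataclass
class Request:
    path: str
    credentials: Optional[tuple] = None  # (user, password), e.g. from HTTP BASIC
    trace: list = field(default_factory=list)

class Realm:
    """Only answers: are these credentials valid, and which roles apply?"""
    def authenticate(self, req):
        req.trace.append("realm.authenticate")
        user, password = req.credentials
        stored = USERS.get(user)
        ok = stored and hmac.compare_digest(stored[0], password)
        return stored[1] if ok else None

def authenticator_valve(req, realm, next_stage):
    """Runs in the container pipeline, before any webapp-specific code."""
    req.trace.append("authenticator valve")
    required = next((roles for prefix, roles in CONSTRAINTS.items()
                     if req.path.startswith(prefix)), None)
    if required is None:             # unprotected: the realm is never consulted
        return next_stage(req)
    if req.credentials is None:      # protected, not authenticated: challenge
        return 401
    roles = realm.authenticate(req)  # credentials are fed back into the realm
    if roles is None:
        return 401
    if not roles & required:         # authenticated, but lacks a required role
        return 403
    return next_stage(req)

def webapp(req):
    req.trace.append("filter")       # first point where webapp code runs
    req.trace.append("servlet")
    return 200

def handle(path, credentials=None):
    req = Request(path, credentials)
    return authenticator_valve(req, Realm(), webapp), req.trace
```

The returned trace shows that the realm is touched only for protected paths with credentials present, and that the filter never sees a request the valve rejected.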
