I want to thank you all for your help and the many different ways to solve my problem. I think most, maybe all, of them will work in an ideal world without hard requirements through legacy client applications. I don't want to hold on to BASIC as auth method because I like it so much; I would prefer to kick that legacy application. ^^
My solution in the end was a custom valve/Authenticator:

    package database.server.servlets;

    import java.io.IOException;

    import javax.servlet.http.HttpServletResponse;

    import org.apache.catalina.authenticator.BasicAuthenticator;
    import org.apache.catalina.connector.Request;
    import org.apache.catalina.deploy.LoginConfig; // Tomcat 7 package

    public class CustomTomcatBasicAuthenticator extends BasicAuthenticator {

        public boolean authenticate(Request request, HttpServletResponse response)
                throws IOException {
            boolean result = super.authenticate(request, response);
            modifyResponse(request, response);
            return result;
        }

        @Override
        public boolean authenticate(Request request, HttpServletResponse response,
                LoginConfig loginConfig) throws IOException {
            boolean result = super.authenticate(request, response, loginConfig);
            modifyResponse(request, response);
            return result;
        }

        // Rewrite the WWW-Authenticate challenge (AUTH_HEADER_NAME) for /rest paths.
        private void modifyResponse(Request request, HttpServletResponse response) {
            String url = request.getPathInfo();
            // getPathInfo() may return null, so check before calling startsWith().
            if (url != null && url.startsWith("/rest")
                    && response.getHeader(AUTH_HEADER_NAME) != null) {
                response.setHeader(AUTH_HEADER_NAME, "XXX_BASIC");
            }
        }
    }

And a context.xml in my war file:

    <Context>
        <Valve className="database.server.servlets.CustomTomcatBasicAuthenticator" />
    </Context>