All,

I've been doing some work over the past few years to make it possible
for me to abandon securityfilter[1], a project that allows
applications to do some things that, historically, haven't been
possible with container-managed security.

Specifically, that project was started to allow drive-by logins but,
with servlet-3.0 adding
HttpServletRequest.authenticate(HttpServletResponse), it is no longer
necessary to have a 3rd-party component to provide that feature.

sf also allowed custom realms to be built more conveniently, and
recent changes to Tomcat have added CredentialHandlers which simplify
the pluggability of different credential-handling algorithms (and
bundle access to some better algorithms in the distribution, such as
PBKDF2).

The last missing piece is being able to get the user's IP address for
both successful and unsuccessful logins. I don't believe Tomcat
provides any way to do that with a standard Realm. I believe it can be
done using JASPIC, but ... it seems like there is a lot of complexity
in there.

Are there any techniques others are using to get user-IP during login?
I'm not particularly interested in using another 3rd-party
authentication library (e.g. Spring-security) -- I'm looking for
something out-of-the-box or maybe a little custom code that I could
add to my application or server.

If there is any appetite for such a thing in Tomcat, I'd be happy to
propose a change to bring e.g. an AuthenticationListener interface
which could listen for events of this type and include information
such as username, IP address, and possibly other useful information.

Thanks,
-chris

[1] http://securityfilter.sourceforge.net/