-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
I've been doing some work over the past few years to make it possible for me to abandon securityfilter[1], a project that allows applications to do some things that, historically, haven't been possible with container-managed security. Specifically, that project was started to allow drive-by logins but, with servlet-3.0 adding HttpServletRequest.authenticate(HttpServletResponse), it is no longer necessary to have a 3rd-party component to provide that feature. sf also allowed custom realms to be built more conveniently, and recent changes to Tomcat have added CredentialHandlers which simply the pluggability of different credential-handling algorithms (and bundle access to some better algorithms in the distribution, such as PBKDF2). The last missing piece is being able to get the user's IP address for both successful and unsuccessful logins. I don't believe Tomcat provides any way to do that with a standard Realm. I believe it can be done using JASPIC, but ... it seems like there is a lot of complexity in there. Are there any techniques others are using to get user-IP during login? I'm not particularly interested in using another 3rd-party authentication library (e.g. Spring-security) -- I'm looking for something out-of-the-box or a maybe little custom code that I could add to my application or server. If there is any appetite for such a thing in Tomcat, I'd be happy to propose a change to bring e.g. an AuthenticationListener interface which could listen for events of this type and include information such as username, IP address, and possibly other useful information. Thanks, - -chris [1] http://securityfilter.sourceforge.net/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlosPIYACgkQHPApP6U8 pFjozxAAtONxT7Qr6J5ThNG3EV00vMavZsYbuhMdRWq1Yud77hkGKuadVhC4DPmW Mvho4H0U2TZpHdffQpVB3Uhcvf4kEp5DltPVs9VKU+OT5kWyOoxO5TBhD36+0082 F2mGLHM0/j0GcKiDJHvsIw78qeMxoSn8+TfL4th3wfTvnDJCJ3+9+qf35metyfMA 1E0UNzi3G4QXAqnTIu7xZwsvTOLVVhKJhfmoa0fChg09m5P2et7zJw3I8h1zTuP6 KFaw/ZqgrYiL6xdz9QvFPwEMzV8hrr9x9E5BnpLJGnCNqOLFvEa1oUbyxTCsDU20 mOjuwShFRiFQYGPYFLGdSWU2NGR3ZjCvIhl0hvgM/ORzb+x7IxuupieKP21MMB3+ /Ylop9KaROjvhmDG5DMCJbkEyn1mBVFPDTPUFEYIGFrkGzosVh6zYohPMi5jUy1G f0Or3dgYUNSP4n8lfpPbkusEOSIiv5LmtnqU+/TM7poXVjc7KAvBK52FZdCYvNB6 UKbc1d3IORCFoLIcM9lTOulTugVpo5JN+VU6Qqgd/c97iraCGwUuHQKvq2/vwgaC I/i74xZYrciig9J+R1UPmTTBXDL8tTq8IPdbOPFCg3O4Vuvwld8ZpaYZpxkOcI1a o3+CtT6OGMM/JZwIXApwB7nWk69rhh3Cf74Awfoq9OapJmj0/7A= =a7+J -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
