On 09/12/17 19:41, Christopher Schultz wrote: <snip/>
> If there is any appetite for such a thing in Tomcat, I'd be happy to > propose a change to bring e.g. an AuthenticationListener interface > which could listen for events of this type and include information > such as username, IP address, and possibly other useful information. I think this is a specific case of this more general request: https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 Now is a good time to implement that, before 9.0.x becomes final and the API is (mostly) fixed. There are a couple of different ways of doing this, depending on how backwards compatible we want to be. I'm currently leaning towards: - add new methods to Realm (duplicate existing authentication methods and add HttpServlet) - implement the new methods in RealmBase that simply defaulted to calling the old methods minus the HttpServlet Then custom Realms could extend RealmBase, override those methods and gain access to the additional info. It isn't the only option. Is there a It is TBD if we deprecate the old methods. Maybe deprecate in 9.0.x with a view to dropping in 10.0.x Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org