On 09/12/17 19:41, Christopher Schultz wrote:

<snip/>

> If there is any appetite for such a thing in Tomcat, I'd be happy to
> propose a change to bring e.g. an AuthenticationListener interface
> which could listen for events of this type and include information
> such as username, IP address, and possibly other useful information.

I think this is a specific case of this more general request:

https://bz.apache.org/bugzilla/show_bug.cgi?id=59750

Now is a good time to implement that, before 9.0.x becomes final and the
API is (mostly) fixed.

There are a couple of different ways of doing this, depending on how
backwards compatible we want to be. I'm currently leaning towards:

- add new methods to Realm (duplicate existing authentication methods
  and add HttpServlet)

- implement the new methods in RealmBase that simply defaulted to
  calling the old methods minus the HttpServlet

Then custom Realms could extend RealmBase, override those methods and
gain access to the additional info.

It isn't the only option. Is there a

It is TBD if we deprecate the old methods. Maybe deprecate in 9.0.x with
a view to dropping in 10.0.x.

Mark
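
The approach outlined in the message above, sketched as an added example (not code from this thread or from Tomcat). The types are simplified stand-ins: `RequestInfo` is a hypothetical placeholder for the request object the new methods would receive, and the three-argument `authenticate` is the proposed overload, not an existing Tomcat API.

```java
import java.security.Principal;
import java.util.Map;

public class RealmAuditSketch {
    /** Hypothetical stand-in for the request details the new methods would expose. */
    record RequestInfo(String remoteAddr) {}

    /** Simplified stand-in for Realm: the old method plus the proposed overload. */
    interface Realm {
        Principal authenticate(String username, String credentials);
        Principal authenticate(String username, String credentials, RequestInfo request);
    }

    /** Base class: the new overload defaults to the old method, dropping the request. */
    abstract static class RealmBase implements Realm {
        @Override
        public Principal authenticate(String username, String credentials, RequestInfo request) {
            return authenticate(username, credentials);
        }
    }

    /** Custom realm: overrides the new overload to record who failed and from where. */
    static class AuditingRealm extends RealmBase {
        // Constructed sample data; a toy plaintext store for this sketch only.
        private final Map<String, String> users = Map.of("alice", "correct-horse");

        @Override
        public Principal authenticate(String username, String credentials) {
            String expected = users.get(username);
            return (expected != null && expected.equals(credentials)) ? () -> username : null;
        }

        @Override
        public Principal authenticate(String username, String credentials, RequestInfo request) {
            Principal p = super.authenticate(username, credentials, request);
            if (p == null) { // failed login: emit an audit line with user and source address
                System.err.printf("AUTH_FAIL user=%s ip=%s%n", sanitize(username), request.remoteAddr());
            }
            return p;
        }

        // Replace CR/LF so a client-supplied username cannot forge extra log lines.
        private static String sanitize(String s) {
            return s == null ? "" : s.replaceAll("[\\r\\n]", "_");
        }
    }

    public static void main(String[] args) {
        Realm realm = new AuditingRealm();
        RequestInfo req = new RequestInfo("203.0.113.7"); // constructed documentation address
        System.out.println(realm.authenticate("alice", "correct-horse", req) != null);
        System.out.println(realm.authenticate("alice\nAUTH_OK user=admin", "x", req) != null);
    }
}
```

Callers that still use the two-argument method keep working unchanged, which is the backwards-compatibility property the message describes; only the code path that passes the request gains the audit line.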
