>Again, put your valve in host, not context if you want it to be called
>before authentification
Sorry I misunderstood your hint. Now I have this configuration (with Valve and
Host element on the same level):
[...]
<Valve className="de.tccproducts.valves.PenFrameworkAuthenticationValve" />
<Host name="localhost"
autoDeploy="false" deployOnStartup="false" deployXML="false">
[...]
Now my valve is called before the response the authentication takes place. But
adding the Authorization header before the BasicAuthenticator is called does
not prevent the BasicAuthenticator from sending back a SC_UNAUTHORIZED.
I add the basic authentication header using this method in my valve:
request.addHeader("Authorization", "Basic am9jaGVuYjpqb2NoZW5i");
But if I have a look in the BasicAuthenticator implementation I can see, that
the basic authenticator reads the header's value using this code:
MessageBytes authorization =
request.getCoyoteRequest().getMimeHeaders()
.getValue("authorization");
So I think the request object I modify does not reflect its changes to the
CoyoteRequest the BasicAuthenticator reads the values from. Is there a solution
to modify the CoyoteRequest?
Regards
Jochen
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
