On 02/02/2012 15:00, Christopher Schultz wrote:
Jan,
On 2/2/12 6:26 AM, Jan Vávra wrote:
Is it possible to configure tomcat to call both variants of
functions? I'd like to write something like
<auth-method>CLIENT-CERT or BASIC</auth-method>.
The servlet spec doesn't support anything like this. I think what
you'll have to do is write your own Authenticator. You can configure
your own Authenticator by registering a<Valve> that is an
Authenticator in your webapp's<Context>. Just write your own code and
register it using<Valve>.
You can look at the documentation for, say, BasicAuthenticatorValve:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve
And you're going to want to extend AuthenticatorBase.
Tomcat has a "CombinedRealm" which allows authentication against one
of several sub-realms (like LDAP /or/ JDBC), but does not have a
CombinedAuthenticator, which might be a useful addition. If you come
up with something that works, consider donating it to the project.
Jan, are you trying to achieve something like:
http://wiki.apache.org/tomcat/SSLWithFORMFallback
?
I'm trying to do SSL or Basic auth. This is slightly different: SSL or
Form auth.
How I'm thinking about that basic vs. form auth should be the only one
difference.
I'll explore this.
Thanks.
Jan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
