I just wanted to follow up on my earlier post, and thank Tim Funk and
Bill Barker for leading me in the right direction.
It turned out that my Valve code was in fact mostly correct; I was
just installing it in the wrong place! I had it installed at the
Engine level, where all sorts of weird
Sweet! (Says the guy who has to write a CustomValve for work in the near future)
-Tim
Bill Barker wrote:
BasicAutheniticator is a Context-level Valve, so it can't possibly get
invoked before an Engine-level Valve. You've got something really strange
in your setup.
The other thing to point out
We've had an Apache/Tomcat configuration deployed for a couple years
now. Authentication is handled by a custom Apache plugin written in
C. Everything works great and has been quite reliable.
Now we would like to move to a standalone Tomcat configuration and
have been investigating writing a
I don't have time to see whats wrong, but check the SingleSignOnValve as a
reference to compare your code.
-Tim
Scott Kelley wrote:
We've had an Apache/Tomcat configuration deployed for a couple years
now. Authentication is handled by a custom Apache plugin written in C.
Everything works
SingleSignOn has much the same code as BasicAuthenticator:
in org.apache.catalina.authenticator.SingleSignOn.java:
// Look up the cached Principal associated with this cookie value
if (debug = 1)
log( Checking for cached principal for + cookie.getValue());
I took a little longer look. All looks ok to me. Turn up debugging. Are you
sure that your valve is being executed before the BasicAuthenticator valve?
-Tim
Scott Kelley wrote:
SingleSignOn has much the same code as BasicAuthenticator:
in org.apache.catalina.authenticator.SingleSignOn.java:
Aha, you're right!
First problem, I didn't have the right logging enabled; I hadn't
noticed that I didn't see any of the log messages from
BasicAuthenticator.java.
Second problem, with logging cranked up appropriately, is that
BasicAuthenticator gets called before my code.
Which leads to my
How about placing it inside host like the SSO valve?
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/host.html#Single%20Sign%20On
I don't think you'll need to write a Realm. Realms are for mapping roles.
(and authentication)
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/realm.html
BasicAutheniticator is a Context-level Valve, so it can't possibly get
invoked before an Engine-level Valve. You've got something really strange
in your setup.
The other thing to point out is that if you configure your Valve at the
Context-level, and implement org.apache.catalina.Authenticator,
:
Thema: Valve as Custom Authenticator
11.06.2003 20:13
10 matches
Mail list logo
