Hi,
Context:
I have a client who comes in to the server with a request URL of the
form https://username:password@server/servletname. I need to get this
authentication information passed on from apache to tomcat where in my
serlvet can strip the userid and password for verfication (using my own
mechanism). Authorization headers are returning null values in my current
implementation.
Question:
I read about Custom realms in tomcat. Is it possible to use the same to
solve the issue above? If so, how can I derive my own realm classes from
RealmBase class to achieve this? I cannot use JDBC/JNDI/Memory realms due to
architectural issues and will need a custom implementation.
Is there any other way of authenticating such clients (the number of
different users and passwords are as high as 5000 and upwards)?
Thanks and Regards,
Sunu
