On 20/05/2014 09:11, Jan Vávra wrote:
> Hello.
> 
> I write my own realm implementation for Tomcat 7.x. In the method
> Principal authenticate(X509Certificate[] certs)
>  I'd like to read request headers. My authentication would be based on
> client certificate + custom http request value.
> Is it possible?

In Tomcat, the Authenticator is responsible for gathering the
credentials. This often requires interaction with the Request and
related objects.

The Realm is responsible for validating credentials. Therefore the Realm
does not need access to the Request and related objects.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to