On 20/05/2014 09:11, Jan Vávra wrote: > Hello. > > I write my own realm implementation for Tomcat 7.x. In the method > Principal authenticate(X509Certificate[] certs) > I'd like to read request headers. My authentication would be based on > client certificate + custom http request value. > Is it possible?
In Tomcat, the Authenticator is responsible for gathering the credentials. This often requires interaction with the Request and related objects. The Realm is responsible for validating credentials. Therefore the Realm does not need access to the Request and related objects. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org