Hi, for our own web-application we overwrite the standard way of how Tomcat BasicAuthenticator is working in order to avoid the popup of a "Basic-Auth-Dialog" in some situations (where we're calling a service provided by the tomcat over a script). Therefore our context.xml in the app looks as follows:
<Context cookies="false"> <Valve className="biz.horus.database.server.servletscript.HorusTomcatBasicAuthenticator" /> </Context> HorusTomcatBasicAuthenticator is implemented as follows: public class HorusTomcatBasicAuthenticator extends BasicAuthenticator implements Authenticator { @Override public boolean authenticate( Request request, HttpServletResponse response) throws IOException { System.out.println( "XXXX start out"); boolean result = super.authenticate( request, response); System.out.println( "XXXX authenticate: " + result); modifyResponse( request, response); return result; } private void modifyResponse( Request request, HttpServletResponse response) { String url = request.getPathInfo(); System.out.println( "XX URL=" + url); System.out.println( "XX Auth Header:" + response.getHeader( AUTH_HEADER_NAME)); if ( response.getHeader( AUTH_HEADER_NAME) != null && url.startsWith( "/rest")) response.setHeader( AUTH_HEADER_NAME, "HCP_BASIC"); } } This is working great with Tomcat 8.0(.37). Though with Tomcat 8.5.5 that code in "authenticate" is no longer called. Instead it seams that the "standard" BasicAuthenticator is being used. However if I entirely remove my jar-file that contains HorusTomcatBasicAuthenticator.jar from the tomcat/lib-folder I'm getting an error. Any ideas on that? I've looked into the tomcat 8.5 migration guide but could not find any hints on changed behaviour. Also when comparing the Valve-Documentation of Tomcat 8.5 and 8.0 I do not see a difference. Or would it be better to address this with d...@tomcat.apache.org since it might as well be a bug? Or is there a more elegant way to solve this problem to not reply with "WWW-Authenticate: Basic" if authentication is not succesful? Any help would be highly appreciated, BR Johannes -- ______________________________________________________________ Johannes Michler -- Senior Principal Consultant PROMATIS software GmbH Pforzheimer Str. 160 76275 Ettlingen, Deutschland Tel.: +49 7243 2179 0 -- Fax: +49 7243 2179 99 mailto: johannes.mich...@promatis.de Knowledge powered business processes: www.promatis.de [image: Bild] ______________________________________________________________ Sitz der Gesellschaft: Ettlingen Registergericht: Mannheim, HRB 361772 Geschäftsführer: Dr. Frank Schönthaler, Rainer Mann, Michael Mohl [image: Bild]
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org