Hi,

for our own web-application we overwrite the standard way of how Tomcat
BasicAuthenticator is working in order to avoid the popup of a
"Basic-Auth-Dialog" in some situations (where we're calling a service
provided by the tomcat over a script). Therefore our context.xml in the app
looks as follows:

<Context cookies="false">
    <Valve className="biz.horus.database.server.servletscript.HorusTomcatBasicAuthenticator" />
</Context>

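HorusTomcatBasicAuthenticator is implemented as follows:

import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Authenticator;
import org.apache.catalina.authenticator.BasicAuthenticator;
import org.apache.catalina.connector.Request;

public class HorusTomcatBasicAuthenticator extends BasicAuthenticator
        implements Authenticator {

    @Override
    public boolean authenticate(Request request, HttpServletResponse response)
            throws IOException {
        System.out.println("XXXX start out");
        // Let the stock BASIC authenticator do the work, then adjust its challenge.
        boolean result = super.authenticate(request, response);
        System.out.println("XXXX authenticate: " + result);
        modifyResponse(request, response);
        return result;
    }

    // Replaces the challenge scheme for /rest paths so that no browser
    // "Basic-Auth-Dialog" is triggered for script calls.
    private void modifyResponse(Request request, HttpServletResponse response) {
        String url = request.getPathInfo(); // may be null if there is no extra path info
        System.out.println("XX URL=" + url);
        System.out.println("XX Auth Header:" + response.getHeader(AUTH_HEADER_NAME));
        if (response.getHeader(AUTH_HEADER_NAME) != null
                && url != null && url.startsWith("/rest")) {
            response.setHeader(AUTH_HEADER_NAME, "HCP_BASIC");
        }
    }

}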


This is working great with Tomcat 8.0(.37). Though with Tomcat 8.5.5 that
code in "authenticate" is no longer called. Instead it seems that the
"standard" BasicAuthenticator is being used.

However if I entirely remove my jar-file that contains
HorusTomcatBasicAuthenticator.jar from the tomcat/lib-folder I'm getting an
error.

Any ideas on that? I've looked into the tomcat 8.5 migration guide but
could not find any hints on changed behaviour. Also when comparing the
Valve-Documentation of Tomcat 8.5 and 8.0 I do not see a difference.

Or would it be better to address this with d...@tomcat.apache.org since it
might as well be a bug?

Or is there a more elegant way to solve this problem to not reply with
"WWW-Authenticate: Basic" if authentication is not successful?

Any help would be highly appreciated,

BR
Johannes



-- 

______________________________________________________________
Johannes Michler -- Senior Principal Consultant
PROMATIS software GmbH
Pforzheimer Str. 160
76275 Ettlingen, Germany
Tel.: +49 7243 2179 0 -- Fax: +49 7243 2179 99
mailto: johannes.mich...@promatis.de
Knowledge powered business processes: www.promatis.de
______________________________________________________________

Registered office: Ettlingen
Commercial register: Mannheim, HRB 361772
Managing directors: Dr. Frank Schönthaler, Rainer Mann, Michael Mohl
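
An added example, not part of the original post and not Tomcat project code: one way the valve from the post could be written for Tomcat 8.5, on the assumption that the 8.5 authenticator pipeline calls the protected doAuthenticate hook instead of the public authenticate method overridden above. The class name RestChallengeBasicAuthenticator and the choice to keep the challenge parameters are illustrative.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.authenticator.BasicAuthenticator;
import org.apache.catalina.connector.Request;

/** Hypothetical 8.5 variant of the valve; the class name is illustrative. */
public class RestChallengeBasicAuthenticator extends BasicAuthenticator {

    // Scheme token taken from the post. A browser shows its login dialog only
    // for challenge schemes it recognises, so an unknown token suppresses it.
    private static final String REST_SCHEME = "HCP_BASIC";

    // Assumption: in 8.5 the valve pipeline invokes this protected hook rather
    // than the public authenticate(Request, HttpServletResponse).
    @Override
    protected boolean doAuthenticate(Request request, HttpServletResponse response)
            throws IOException {
        boolean authenticated = super.doAuthenticate(request, response);
        if (!authenticated) {
            // Only a failed attempt carries a challenge worth rewriting.
            rewriteChallenge(request, response);
        }
        return authenticated;
    }

    private void rewriteChallenge(Request request, HttpServletResponse response) {
        String challenge = response.getHeader(AUTH_HEADER_NAME);
        String path = request.getPathInfo(); // null when there is no extra path info
        if (challenge == null || path == null || !path.startsWith("/rest")) {
            return; // leave the standard "Basic" challenge for all other paths
        }
        // Keep the challenge parameters (such as realm), swap only the scheme token.
        int space = challenge.indexOf(' ');
        String params = space < 0 ? "" : challenge.substring(space);
        response.setHeader(AUTH_HEADER_NAME, REST_SCHEME + params);
    }
}
```

Only the challenge the server sends is changed; the script client still submits its credentials in a standard Basic Authorization header.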