-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 André,
On 4/1/17 8:17 AM, André Warnier (tomcat) wrote: > Could not a solution be, to provide in the Realm, another > authenticate() signature, with > authenticate(user,credentials,extra_params) with "extra_params" > being some kind of HashMap able to potentially contain any kind of > key=>value thing ? Of course you'd still need to write the > appropriate caller, but it would at least open the door. And any > existing standard Realm can just ignore the extra argument. (or > does that sound like a "too-perl-y" suggestion ?) I think I'd want to do something like this: public interface CustomAuthenticatorThing { public Object prepareCustom(...); } Then another method on the Realm like: public boolean authenticate(Object customObject); Then the Authenticator code would do something like this: Object customRealmObject = null; if(null != customizer) { customRealmObject = customized.prepareCustom(...); authenticated = realm.authenticate(customRealmObject); } else { realm.authenticate(username, password); } There's a lot of missing complexity there, of course, but I think you get the idea. The Realm plus its customizer would agree on an intermediate object to use, and the authenticator would shuttle the data between them. Of course, if the authenticator is going to pass-in the "..." objects to the customizer, maybe it would be more straightforward to just have the Realm implement an authenticate(...) method instead. I guess the only reason would be that the Realm interface hasn't changed much in ... forever. Inertia, I guess. I might try agitating to get this changed, because it's annoyed me since the very beginning -- to the point where I don't use Tomcat's built-in authentication and authorization capabilities at all. :( - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJY4rGSAAoJEBzwKT+lPKRYdNAP+wRlv685z44wtl9m7M9rc600 W/TPJMFGDcSOQku2Mp/T4zXayzdAdxjmbFNRn84lSrF67X+Ax2zSCxBmUfGv/zvL +S85npuDa3qmu0ISsIPbKx+v360+LPhP+FUDtnEc2Rps6LNgR4ytqqJWctFPnKU/ EUK9UZM5po6OOL+wtj/b5JSlpXMrJsVe5wN9/cEwJaHITyaIhaRqStrXLAISxwcb sESJek/Cp5Nq7lniud8QkTjN4/h23Fod3L2si/C4HwCKmMHP4wZ84uVRvngMvhbA gtDzEJ/xdJIdGt1p/1DME4EDJBaSET/xO3bgdzCvo1UsPyqTL6EjOwrJoWQrPPYt Hqnr67fHWlceP5/xpTBXYrtxF3aUFJ1212O/WYvOHB7BrK+rrTTB+EpDs5JycJSR TtWq8QAe+gNldcE/24x6NGvLxh7IB5lVBoazsTCrpr91lViwYz4QO6zuvhtYOdFr lfiJ59QsDUzl7qWpuyP8zHxmeCdxrl75IHHd6a9sbqqzhaxy2xs1XIFD6P9LRqXV AdIWS5sT9MI3zwIm+Anfl7KhlUhJDxl2zJxrpg6YWHNVzqAl53H28RNxowYfI5m5 aH/N0a3R94TH8zNllH8NUGOdKRYZrw9ymfR2Ib9AT9JEw4go4xOad1kWpu/AfZ2M auwd9DVkfnZK+3+f3J+K =x+hi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org