-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
André,
On 4/1/17 8:17 AM, André Warnier (tomcat) wrote:
> Could not a solution be, to provide in the Realm, another
> authenticate() signature, with
> authenticate(user,credentials,extra_params) with "extra_params"
> being some kind of HashMap able to potentially contain any kind of
> key=>value thing ? Of course you'd still need to write the
> appropriate caller, but it would at least open the door. And any
> existing standard Realm can just ignore the extra argument. (or
> does that sound like a "too-perl-y" suggestion ?)
I think I'd want to do something like this:
public interface CustomAuthenticatorThing {
public Object prepareCustom(...);
}
Then another method on the Realm like:
public boolean authenticate(Object customObject);
Then the Authenticator code would do something like this:
Object customRealmObject = null;
if(null != customizer) {
customRealmObject = customized.prepareCustom(...);
authenticated = realm.authenticate(customRealmObject);
} else {
realm.authenticate(username, password);
}
There's a lot of missing complexity there, of course, but I think you
get the idea. The Realm plus its customizer would agree on an
intermediate object to use, and the authenticator would shuttle the
data between them.
Of course, if the authenticator is going to pass-in the "..." objects
to the customizer, maybe it would be more straightforward to just have
the Realm implement an authenticate(...) method instead.
I guess the only reason would be that the Realm interface hasn't
changed much in ... forever. Inertia, I guess.
I might try agitating to get this changed, because it's annoyed me
since the very beginning -- to the point where I don't use Tomcat's
built-in authentication and authorization capabilities at all. :(
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJY4rGSAAoJEBzwKT+lPKRYdNAP+wRlv685z44wtl9m7M9rc600
W/TPJMFGDcSOQku2Mp/T4zXayzdAdxjmbFNRn84lSrF67X+Ax2zSCxBmUfGv/zvL
+S85npuDa3qmu0ISsIPbKx+v360+LPhP+FUDtnEc2Rps6LNgR4ytqqJWctFPnKU/
EUK9UZM5po6OOL+wtj/b5JSlpXMrJsVe5wN9/cEwJaHITyaIhaRqStrXLAISxwcb
sESJek/Cp5Nq7lniud8QkTjN4/h23Fod3L2si/C4HwCKmMHP4wZ84uVRvngMvhbA
gtDzEJ/xdJIdGt1p/1DME4EDJBaSET/xO3bgdzCvo1UsPyqTL6EjOwrJoWQrPPYt
Hqnr67fHWlceP5/xpTBXYrtxF3aUFJ1212O/WYvOHB7BrK+rrTTB+EpDs5JycJSR
TtWq8QAe+gNldcE/24x6NGvLxh7IB5lVBoazsTCrpr91lViwYz4QO6zuvhtYOdFr
lfiJ59QsDUzl7qWpuyP8zHxmeCdxrl75IHHd6a9sbqqzhaxy2xs1XIFD6P9LRqXV
AdIWS5sT9MI3zwIm+Anfl7KhlUhJDxl2zJxrpg6YWHNVzqAl53H28RNxowYfI5m5
aH/N0a3R94TH8zNllH8NUGOdKRYZrw9ymfR2Ib9AT9JEw4go4xOad1kWpu/AfZ2M
auwd9DVkfnZK+3+f3J+K
=x+hi
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
