-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Zemian,
On 8/8/17 9:36 AM, Zemian Deng wrote: > Hi, how about extends the > "org.apache.catalina.authenticator.AuthenticatorBase"? or extends > "FormAuthenticator" if you are using form based. The base class is > actually a Valve, thus provide the "Request" object access. And to > use it, just simply add as a valve in your context xml file. If I > understand it correctly, this will override the default one. I'm trying to come up with a more pluggable solution, like I did with the CredentialHandlers. Obviously, I can simply write or extend whatever Valve I want and do anything with it, but having to choose a single type of authenticator isn't very flexible. I'd prefer a solution that improves Tomcat for the whole community, rather than one that merely meets my private needs. - -chris > On Tue, Aug 8, 2017 at 9:09 AM, Mark Thomas <ma...@apache.org> > wrote: > >> On 08/08/17 14:01, Christopher Schultz wrote: >>> Mark, >>> >>> On 8/8/17 8:49 AM, Mark Thomas wrote: >>>> On 08/08/17 13:44, Christopher Schultz wrote: >>> >>>> <snip/> >>> >>>>> I have no problem with Tomcat having access to the IP >>>>> address. I just want Tomcat to make that IP address >>>>> available to the authenticator component in some way. >>> >>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59750 >>> >>>> Implementing that in a way that is truly backwards >>>> compatible requires a little thought. >>> >>> I agree that backward-compatibility is a significant issue, >>> since the Realm interface hasn't changed since ... well, ever. >>> >>> How about cheating and using a ThreadLocal? >>> >>> try { tl.set(theRequest) >>> authenticator.authenticate(username,password); } finally { >>> tl.set(null); } >>> >>> ?? >> >> Yuck. >> >>> For SecurityFilter, we added a sub-interface that adds more >>> methods, like this: >>> >>> authenticate(String username, String password); >>> authenticate(String username, String password, >>> HttpServletRequest req); >>> >>> Then, the driver does this: >>> >>> if(realm instanceof ExtendedRealm) >>> ((ExtendedRealm)realm).authenticate(username, password, >>> theRequest); else realm.authenticate(username, password); >> >> That could work for 8.5.x and earlier. We can use default methods >> in Tomcat 9. >> >> I was also thinking about the case where a custom component >> called the Realm (e.g. custom nested Realms). I'm not sure there >> is one solution that can cleanly handle all use cases. We >> probably need to go with the majority. >> >>> If using the HttpServletRequest itself is architecturally >>> distasteful, we could use some other kind of data object, or >>> simply java.lang.Object (which is a little distasteful >>> itself). >> >> I have no problem with using the HttpServletRequest. >> >> Mark >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlmKD0AACgkQHPApP6U8 pFj78Q//UPwFI0H/Ixbix31lMcK819yiRxDMJJ5aMFkg/JchZJBm6eoJ3pJwP8nF W9LD/x9qF3tNFc+N3fATUOKi9NWHEnMXxKqWm0OzSmGeM7V1XnaT8hUjA5Mm97He Io4YSVncq4bG7rb5asyK0+p0zqLZGxPZMeAe+2tM0uvoy06YELJaV6Ra9is8tVtS CncQYJlDTTHT0ecsbIBUQiC46daYEIbaF0yxU0z794cEN4yAd17jlFmFpQs+7eAT wNy9eCAlG+Q7w15/rea50QniER+NDGdbXGz6Vpyp42MSy2Zr19cXZQMqlWVrQV3t Od7C8pjzNIRUHFPFeFX21jfeLReFmTioDXlHrwnayy8WsecYHq2iVkMdEpm7NxY2 etGg26RKPypiLepA3cwj4tUR6lmgE9A7ydP7utY2IfOKU6QZ0vyCz5KITELq+yqf XG2i/RvI/U7qutXqk5nbkkEH6UCsN9eQrCtKZ4r5tLxIJDlSLSsgsHrUKKdd1zJ8 ACHSKMEA1HyA8pbI7mdENeogNWz1dQ3J7JSpWjHmsEcPutn2dP4Q25+StjkuFAah W1neqzXrT/Vt/K98Q3mS3YK8/x+X91TS46C2J6zut76KDRHqBAwiXDNq+KFzKePR +SzBiHS6elz4tXz+zxRG+stmL96ooDMUMJMzDSPSCqGPzmC3jvQ= =YgBR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
