Am 2019-05-17 um 19:11 schrieb Nacho Ganguli:
HELP, I NEED SOMEBODY, NOT JUST ANYBODY! HELP....
(It all started weeks ago when I tried unsuccessfully to use Tomcat's SSO
Valve and decided to try pre-authentication...)
We are developing a subscription-based "portal" webapp that we use to
authenticate users and perform authentication flows such as expired
passwords, expired subscriptions, forgot password, etc. Then, based on
authorization role annotations, users are able to launch specific webapps
via an API that uses a redirect. To do this, my "portal" webapp uses spring
security configured to perform these authentication flows.
MY PROBLEM: How do I configure Tomcat's container-based authentication to
recognize authentication performed by Spring Security?
I am afraid that this is not possible. Spring Security uses a filter the
decorate the request for #getRemoteUser() and #isUserInRole() while
Tomcat CMS operates on internal classes. Different approaches. Tomcat
source code has to be modified to understand Spring Security's classes.
I went away from Spring Security due to its complexity and to CAS only
by passing with security:jee and using my custom Tomcat authentication
implementation.
If someone knows better, I'd be glad to hear his/her approach.
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
