I guess it's for OAuth2. I'm using apache OAuth2 module and AJP in Tomcat. That's just great to externalize authentication out of the application, it works well, avoid bad design by nature ... but : - OAuth2 is mostly defined for an application authentication while in JEE the authentication mecanism are mostly serveur side. - java frameworks trend to code or put everything inside the app, while JEE protected it keeping it outside of the app (in the container)
-------- Message initial -------- De: Thomas Meyer <tho...@m3y3r.de> Répondre à: Tomcat Users List <users@tomcat.apache.org> À: users@tomcat.apache.org Objet: Add custom Authenticator in context.xml Date: Sat, 4 Jul 2020 20:54:17 +0200 Hi, a while ago I did write a little POC of how to add a customauthenticator scheme to tomcat. this is what I did come up with: https://github.com/thomasmey/BearerTokenAuthenticator It's rather complicated solution!Is there an more easy solution to add a custom authenticator scheme to a Context/context.xml? Mfgthomas ------------------------------------------------------------------- --To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.orgFor additional commands, e-mail: users-h...@tomcat.apache.org
