André,

On 9/26/2011 9:29 AM, André Warnier wrote:
> You may also want to have a look at SecurityFilter, which could
> well be an easier way for you
> (http://securityfilter.sourceforge.net/) I do not think that it has
> provisions for "automatically" authenticating a user based on his
> client IP address, but it may be easier to just add the required
> code there.

SecurityFilter is a bit simpler than Tomcat's authentication system,
and so may be a bit more hackable. But sf itself does not have any
CombinedRealm (like Tomcat, which attempts several realms for
authentication until one succeeds) nor can it use IP address for
credentials (what is the user's username/id when the IP address is
sufficient for authentication?).

I would have suggested a custom Realm in Tomcat but Tomcat doesn't
give you access to the HttpServletRequest and therefore you can't
sniff the IP address. :(

The use of HTTP BASIC authentication confuses things here because of
the credential transfer mechanism (HTTP headers). I suppose you could
write a Valve that sniffs the user's IP address and then adds HTTP
headers to the request for the "Authentication" header to essentially
force a login. You'll have to decide what the user's Principal will
need to look like (because Tomcat will actually try to /verify/ the
fake-user's credentials and maintain a "login" for them, running
proper authorization checks, etc.) in order to actually work.

-chris
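
The Valve approach described in the message above, as an added example (not code from the post or from the Tomcat project). It assumes Tomcat 9 with `javax.servlet` (Tomcat 10+ uses `jakarta.servlet`) and that the valve runs ahead of the authenticator in the pipeline; the class name, the IP address and the credentials are hypothetical placeholders. BASIC credentials travel in the `Authorization` request header, which is the header it sets.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;
import org.apache.tomcat.util.buf.MessageBytes;

/** Hypothetical valve: maps trusted client IPs to service accounts for BASIC auth. */
public class IpBasicAuthValve extends ValveBase {

    // Constructed sample mapping (placeholder address and credentials). Each account
    // must exist in the Realm, because Tomcat still verifies the credentials.
    private static final Map<String, String> ACCOUNTS =
            Map.of("192.0.2.10", "svc-batch:CHANGE_ME");

    /** Returns the BASIC header value for a mapped address, or null if unmapped. */
    static String headerFor(String remoteAddr) {
        String creds = ACCOUNTS.get(remoteAddr);
        if (creds == null) {
            return null;
        }
        return "Basic " + Base64.getEncoder()
                .encodeToString(creds.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        // getRemoteAddr() is the TCP peer. Behind a reverse proxy it is the proxy's
        // address, so every proxied client would match; never key on X-Forwarded-For
        // unless it was set by a proxy you control.
        String header = headerFor(request.getRemoteAddr());
        // Leave requests alone when the client already sent its own credentials.
        if (header != null && request.getHeader("authorization") == null) {
            MessageBytes value = request.getCoyoteRequest()
                    .getMimeHeaders().addValue("authorization");
            value.setString(header);
        }
        getNext().invoke(request, response);
    }
}
```

Because the injected account goes through the normal Realm check, its roles should be limited to what the IP-identified client needs, and the mapping should be kept out of source control in a real deployment.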
