-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remon,
On 9/27/2011 5:14 AM, Remon Sadikni wrote: > Hi André, hi Christopher, > > thanks for your answers. >> >> The use of HTTP BASIC authentication confuses things here because >> of the credential transfer mechanism (HTTP headers). I suppose >> you could write a Valve that sniffs the user's IP address and >> then adds HTTP headers to the request for the "Authentication" >> header to essentially force a login. You'll have to decide what >> the user's Principal will need to look like (because Tomcat will >> actually try to /verify/ the fake-user's credentials and maintain >> a "login" for them, running proper authorization checks, etc.) in >> order to actually work. > > I think I will try this. Are there any tutorials for writing a > Valve? I am a Java programmer but new to Valves. It's a very simple interface: > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/Valve.html You > should probably extend ValveBase so you don't have to implement all the silly management methods. > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/ValveBase.html This > will let you implement only the important method: invoke(). Note that the arguments to that method are Request and Response, which are Tomcat internal classes. They are similar to the ServletRequest and ServletResponse classes with which you may have some familiarity, but they are different so you should make sure you have the Tomcat Javadocs handy when writing your Valve. See the documentation for the invoke() method for tips on how to implement it properly. At some point, you have to make up your own code to accomplish your own requirements, but you need to follow the rules for making sure that the Valve actually works when you install it. Install the Valve by adding a <Valve> declaration in your <Context> element. I'm not entirely sure if your Valve will be invoked before the Valves that do Tomcat's authentication and authorization, but you have to make sure that yours run first. If yours appears to be skipped, post back and we'll figure out how to get it to run before the auth stuff. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6CCewACgkQ9CaO5/Lv0PBaIgCggciYF4svta9QFXepV5Zzb85E pLYAn0orX31r9DbCBMrmfNlWYp6+jqqp =BJEn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
