Hi Jan,

The servlet spec doesn't support anything like this. I think what
you'll have to do is write your own Authenticator. You can configure
your own Authenticator by registering a <Valve> that is an
Authenticator in your webapp's <Context>. Just write your own code and
register it using <Valve>.


I don't know if that helps: I recently had a similar problem and I solved it (also thanks to the support of this mailing list) in Tomcat 6 (also with Apache and AJP) this way:

I wanted two different auth mechanisms for two classes of users: one inside our network, the other one outside. The outside users have to log in via Basic Auth, the others not (because of their IP address).

I extended RequestFilterValve and overrode the method process. If the IP address is one of the allowed ones, a UserPrincipal with general access is created, which logs the user in automatically. If not, the user has to authenticate by username and password.

protected void process(String property,
                       Request request, Response response)
        throws IOException, ServletException {

    // Check the allow patterns, if any
    for (int i = 0; i < allows.length; i++) {
        if (allows[i].matcher(property).matches()) {
            // create a principal for an existing fake user
            final List<String> roles = new ArrayList<String>();
            roles.add("USER_ROLE");
            final Principal principal = new GenericPrincipal(null, "USER", "PASS", roles);
            // set it in this request
            request.setUserPrincipal(principal);
        }
    }
    // pass this request to the next valve (basic auth)
    getNext().invoke(request, response);
    return;
}

You have to use the new Valve in your context file and switch on Basic Auth in WEB-INF/web.xml of your webapp.

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/YOUR_WEBAPP">
<Valve className="org.apache.catalina.valves.RemoteAddrOrAuthValve" allow="YOUR_IP_MASK"/>
</Context>

<security-constraint>
    <web-resource-collection>
      <web-resource-name>restrict by URL</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>USER_ROLE</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Best regards,
Remon
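
Added example (not part of the original post and not Tomcat code): every address that matches the allow mask receives USER_ROLE without a password, so this standalone Java check evaluates a mask with the same matcher(...).matches() test as the loop above and flags addresses it admits by accident. The class name, the comma-separated mask format, and the sample masks and addresses are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added example: audits an allow mask the way the valve's loop evaluates it.
public class AllowMaskAudit {

    // Assumption: the allow attribute is a comma-separated list of regexes.
    static Pattern[] compile(String allow) {
        List<Pattern> out = new ArrayList<Pattern>();
        for (String p : allow.split(",")) {
            if (!p.trim().isEmpty()) out.add(Pattern.compile(p.trim()));
        }
        return out.toArray(new Pattern[0]);
    }

    // Same test as the valve: full-string match against any allow pattern.
    static boolean autoLogin(Pattern[] allows, String remoteAddr) {
        for (Pattern p : allows) {
            if (p.matcher(remoteAddr).matches()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed masks, both meant to cover only 192.168.1.0 - 192.168.1.255.
        String loose = "192.168.1.*";              // '.' and '.*' are regex wildcards
        String strict = "192\\.168\\.1\\.\\d{1,3}"; // literal dots, one final octet
        // Constructed addresses -> true if inside the intended range.
        Map<String, Boolean> samples = new LinkedHashMap<String, Boolean>();
        samples.put("192.168.1.5", true);
        samples.put("192.168.100.7", false);
        samples.put("192.168.15.20", false);
        samples.put("10.0.0.8", false);

        for (String mask : new String[] {loose, strict}) {
            Pattern[] allows = compile(mask);
            System.out.println("allow=\"" + mask + "\"");
            for (Map.Entry<String, Boolean> s : samples.entrySet()) {
                boolean admitted = autoLogin(allows, s.getKey());
                String note = (admitted && !s.getValue()) ? "  <-- skips Basic Auth unintentionally" : "";
                System.out.println("  " + s.getKey() + " auto-login=" + admitted + note);
            }
        }
    }
}
```

With the loose mask, 192.168.100.7 and 192.168.15.20 are both logged in automatically; with the escaped mask only 192.168.1.5 is.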
