Do your logs indicate your custom authenticator is active or does it
throw an error?
ANS-->>> tomcat logs and other logs doesn't show any exception or even
traces added in the valve class. In Tomcat 6 we are able to see logs
added in our implemementation of AuthenticatorBase class.
How had you configured the authenticator to work in Tomcat 6.0?
ANS-->>>
In Server.xml we have defined Realm under Engine
<Realm className="com.xyz.platform.realm.Realm"
realmPluginClass="com.xyz.org.realm.MyRealmPlugin"/>
</Engine>
In Web.xml of the application we have defined following
<security-constraint>
<web-resource-collection>
<web-resource-name>Web application
name</web-resource-name>
<description>Simple constraint for web
resources</description>
<url-pattern>/*</url-pattern>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>GET</http-method>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
</web-resource-collection>
<auth-constraint>
<description>Simple constraint</description>
<role-name>app-user</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>My App Realm</realm-name>
</login-config>
In context.xml inside META-INF of the application we have defined Valve
<Context path="/myapp" docBase="myapp" debug="0" privileged="true">
<ResourceLink name="tomcatHelper" global="MyTomcatHelper"
type="com.my.app.tools.tomcat.MyTomcatHelper" />
<Valve className="com.my.realm.valve.AuthenticationValve"
characterEncoding="UTF-8"/>
</Context>
----------------------------------------------------------------------------------------
The same is present in Tomcat 7.0.20 but the AuthenticatioValve is not hitting.
One more thing that we have observed that in
CATALINA_HOME/conf/Catalina/localhost/ directory in7.0.20 we are not
having any xml while in Tomcat 6 we are having application context.xml
like files.
Thanks
Sachin
On 2/16/12, Pid <[email protected]> wrote:
> On 16/02/2012 12:30, Sachin Mehrotra wrote:
>> Hi
>>
>> After upgrade from Tomcat 6 to Tomcat 7.0.20, our Basic Authentication
>> valve is not hitting. It seems it is overlooking our implementation of
>> Basic Authentication.
>> Below is the implementation:
>> We are having Realm that is doing authentication using our
>> authentication server. Before that we are having a Valve defined in
>> /META-INF/context.xml that is doing some pre-authentication based on
>> the token define in the HTTPs request.
>> If the token matches our creteria then Realm is hitting for actual Auth.
>>
>> This was working fine when Tomcat 6 was there and we were able to see
>> the logging coming that was added to our Implementation of Baisc
>> Authenticator.
>
> There's no guarantee that the internals of Tomcat remain the same
> between releases.
>
> Do your logs indicate your custom authenticator is active or does it
> throw an error?
>
> How had you configured the authenticator to work in Tomcat 6.0?
>
>
> p
>
>
>
> --
>
> [key:62590808]
>
>
--
With Regards
Sachin Mehrotra
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
