Hello,
thanks for your help. I have now used this method call to manipulate the header
and it works:-))
request.getCoyoteRequest().getMimeHeaders().addValue(Authorization).setString(Basic
am9jaGVuYjpqb2NoZW5i);
Many thanks
Regards
Jochen
: Executing Valve before Basic Authentication takes place
Böhringer Jochen wrote:
But the problem is, that this valve is called after the basic authentication
took place (exactly as it happens if I try to use a servlet filter).
If you explicitly define the Authenticator Valve as well as your own
As it states, the authenticator valve must be attached to the context,
not the host.
Just put your valve at host level and it should be called before the
authentification valve which is automatically added to the context.xml
at deployement.
Also, take a look at single sign-on valve which doe
Hi,
additional Info:
I moved the two valves in a DefaultContext tag at the end of the host
definition.
DefaultContext
Valve
className=de.tccproducts.valves.PenFrameworkAuthenticationValve /
Valve className=org.apache.catalina.authenticator.BasicAuthenticator /
/DefaultContext
From tomcat docs:
You can nest one or more Context elements inside this Host element, each
representing a different web application associated with this virtual
host. In addition, you can nest a single DefaultContext element that
defines default values for *subsequently* deployed web
Again, put your valve in host, not context if you want it to be called
before authentification
Sorry I misunderstood your hint. Now I have this configuration (with Valve and
Host element on the same level):
[...]
Valve className=de.tccproducts.valves.PenFrameworkAuthenticationValve /
Böhringer Jochen wrote:
So I think the request object I modify does not reflect its changes to the
CoyoteRequest the BasicAuthenticator reads the values from. Is there a
solution to modify the CoyoteRequest?
Sounds like you are heading in the right direction. You can access the
headers via
Mark is correct: request.addHeader has been deprecated in 5.5.x+, and
doesn't actually do anything at all. See Mark's response for the correct
way to add your own request header.
Alternatively, if the set the userPrincipal on the Request in your Valve,
then Tomcat won't bother to try and
Hello,
I try to get the following to work (Apache Tomcat/5.5.9 as ServletContainer
within JBoss 4.x):
I have a servlet inside a web application which is protected by Basic
Authentication. The problem is that I have some clients which cannot do the
challenge response basic authentication
Böhringer Jochen wrote:
But the problem is, that this valve is called after the basic authentication
took place (exactly as it happens if I try to use a servlet filter).
If you explicitly define the Authenticator Valve as well as your own,
and specify your own first, you should get the
10 matches
Mail list logo
