> Nope, that's all done in the Authentication element. However, you need 
> nothing of this for HTTP authentication. I don't exactly remember how 
> that works but I suspect that you need to set a couple of headers.

It's dead simple; see next paragraph.  But the problem now is that 
Tomcat (version 5.5.12) will not give me access to its MemoryRealm, 
so I wonder if any of the Tomcat experts on the list can help me out.  
(See "HOWEVER", below.) 

"tcpmon" revealed what a Tomcat authentication adapter would need 
to do.  Tomcat replies to an unauthorised request with (for example)

        HTTP/1.1 401 Unauthorized
        WWW-Authenticate: Basic realm="Tomcat Manager Application"

When the browser sees "401", it ignores the body and puts up 
a login dialog box.  Click OK and the browser begins adding 
this header to every request: 

        Authorization: Basic ZnJlZDp0b21jYXRkZXJm

The browser continues to send this "Authorization:" header with 
every subsequent GET.  The (sample) string "1jYXRkZXJmZnJlZDp0b2" 
is a base64 encoding (i.e. cleartext) of the string 

        username:password

The browser keeps the user logged in until the browser is closed
and the browsing session ends.  So it seems that to emulate this 
behavior, an adapter would have to check Tomcat's authentication 
database on _every_ request. 

** HOWEVER ... 

An authentication adapter would ask Tomcat for direct access to 
the Realm that is in use.  But, I find that Tomcat is not being 
cooperative with its MemoryRealm authentication data  :-/ 

The wiki answers this question:
http://wiki.apache.org/tomcat/HowTo#head-42e95596753a1fa4a4aa396d53010680e3d509b5

        Q: How do I get direct access to a Tomcat Realm?

        A: [..] Note that in order for this to work the Context 
           of the web application in question needs to have its 
           privileged attribute set to "true", otherwise web 
           apps do not have access to the Tomcat classes.
           [ then sample code is provided ] 

So, my start-up code makes these calls:

        Server  server = ServerFactory.getServer();
        Service svcs[] = server.findServices();

Unfortunately this code is returning a total of _zero_ services, 
apparently/probably because the servlet is not privileged. So, 
I have tried editing a few candidate files, IAW what I have 
found on the web and in the book I have. 

Essentially, I have to mark my servlet's Context ("/mdc") 
with the attribute:  privileged="true"

There are three places where this should or could work:

* CATALINA_HOME/conf/server.xml 

* CATALINA_HOME/conf/[enginename]/[hostname] 

* CATALINA_HOME/conf/context.xml (so that _all_ servlets 
   that are not otherwise configured will be privileged) 

Unfortunately ... these are ALL failing to grant the privilege 
required ... if indeed privilege is the issue here. 


Can anyone provide some guidance here?


fred

-- 
F.Baube                *  
Georgetown/MSFS/1988   *  Act locally.
email fbaube#welho.com *  Think pangalactically. 
 gsm  +358 41 536 8192 *  
 wmd   60°11'10.8"N 24°57'36.9"E

_______________________________________________
Rife-users mailing list
http://www.uwyn.com/mailman/listinfo/rife-users
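The per-request check that the message describes (parse the "Authorization: Basic" header, decode it, verify the pair, otherwise answer 401) can be sketched as follows. This is an added example, not code from the message or from RIFE or Tomcat; the class name, the in-memory USERS map standing in for a realm lookup, and the use of java.util.Base64 (Java 8 or later) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class BasicAuthCheck {
    // Constructed credential store (hypothetical stand-in for a realm lookup),
    // filled so that the header quoted in the message authenticates.
    private static final Map<String, String> USERS = new HashMap<>();
    static { USERS.put("fred", "tomcatderf"); }

    /** Returns the authenticated user name, or null when the caller should answer 401. */
    static String authenticate(String authorizationHeader) {
        if (authorizationHeader == null) return null;          // first request: no header yet
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null;                                       // malformed base64
        }
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');                         // split on the FIRST colon only:
        if (colon < 0) return null;                            // passwords may contain ':'
        String user = pair.substring(0, colon);
        String expected = USERS.get(user);
        // Always run the comparison, even for unknown users, and use a
        // constant-time compare so the check does not leak how much matched.
        byte[] a = pair.substring(colon + 1).getBytes(StandardCharsets.UTF_8);
        byte[] b = (expected == null ? "" : expected).getBytes(StandardCharsets.UTF_8);
        boolean ok = MessageDigest.isEqual(a, b) && expected != null;
        return ok ? user : null;
    }

    public static void main(String[] args) {
        String[] headers = {
            "Basic ZnJlZDp0b21jYXRkZXJm",  // header value quoted in the message
            "Basic ZnJlZDp3cm9uZw==",      // constructed: wrong password
            "Basic not-base64!",           // constructed: malformed value
            null                           // constructed: request without the header
        };
        for (String h : headers) {
            String user = authenticate(h);
            System.out.println(user != null ? "200 for " + user
                : "401 + WWW-Authenticate: Basic realm=\"Tomcat Manager Application\"");
        }
    }
}
```

Because the header carries the password in decodable form on every request, a check like this only protects the credentials when the connection itself is encrypted.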
