Hi all, I've been investigating add another login option beyond BASIC,FORM, etc to Tomcat. According to the Servlet 2.4 spec it appears that adding another "vendor supplied" login method is allowed.
I've tweaked my copy of Tomcat to add the type "CAS" that support the Central Authentication Service method: http://tp.its.yale.edu/tiki/tiki-index.php?page=CentralAuthenticationService. I did this by adding extra properties to LoginConfig, tweaking the digester rules to read in extra cas-login-config/* properties from web.xml, and adding CasAuthenticator. This did require editing a couple of Tomcat files. I am a) wondering if there is a less intrusive way, and b) wondering if this would make a good contribution? I don't quite understand why Tomcat has the LoginConfig, instead of just instantiating an Authenticator via the Digester ruleset and attaching that to the appropriate realm. If the Digester WebRuleSet was in an xml file then you could extend authentications without making any Java code changes I think.. Eric -- Open WebMail Project (http://openwebmail.org) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]