Re: Specifying a Custom Authenticator Class

[Michael Osipov]

Am 2021-10-02 um 02:48 schrieb Jerry Malcolm:
I need to write a custom BasicAuthenticator class to decode a 
specialized encoding of the authToken.  I have been scouring google for 
info.  I found one post where the answer included the statement:


This would clearly violate Basic auth scheme and the according RFC. I 
highly recommend against. Don't abuse Basic. Create your own 
scheme/header and solve your problem with it.


M


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Specifying a Custom Authenticator Class

[Christopher Schultz]

Jerry,

On 10/1/21 20:48, Jerry Malcolm wrote:
I need to write a custom BasicAuthenticator class to decode a 
specialized encoding of the authToken.  I have been scouring google for 
info.  I found one post where the answer included the statement:


"Extending from AuthenticatorBase is a great idea, and you can avoid 
Tomcat's standard authenticator by configuring your authenticator as a 
in your application's META-INF/context.xml file."


That is  precisely what I want to do. But I cannot find any 
documentation on how to configure a different authenticator class in a 
context.xml file.  I'm sure I'm just missing it, or I'm using totally 
incorrect words in the googe searches to find it.


Can someone please point me to the documentation for this?


How is your header value different from typical HTTP Basic?

You may be able to get away with an implementation of the 
CredentiaHandler instead of the Authenticator.


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org