Re: Custom Authenticator
Am Mittwoch, den 01.06.2016, 09:29 -0400 schrieb Christopher Schultz: > Thomas, > > On 6/1/16 7:15 AM, Thomas Meyer wrote: > > > > Hi, > > > > How do I get a custom mapping set in > > ContextConfig.setCustomAuthenticators? ( > > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/st > > art > up/ContextConfig.html#setCustomAuthenticators(java.util.Map) > > > > > > > ) > > > > > > I want to add a custom mapping for lets say BEARER to a my > > Authenticator. I searched the source code but nobody seems to call > > this method. So how and where should this map be configured? > Do you mean that you want to replace FORM or CLIENT-CERT in web.xml > with BEARER and have it use your authenticator? > > Would you be okay if you just ignored the and installed > your own authenticator? Because you can do that just by registering > your CustomAuthenticatorValve in your valve chain for your > application. Hi, I came up with this solution: 1.) use custom host implementation in conf/server.xml in add className="de.m3y3r.catalina.core.CustomStandardHost" attribute 2.) webapp's web.xml - add login-config BEARER OAuthRealm Apply security-constraint as usual. use role "**" if you just want authentication. 3.) in webapp's context.xml define a suitable realm https://localhost:8080/path/to/endpoint; clientId="username" clientSecret="password"/> Code is here: https://github.com/thomasmey/BearerTokenAuthenticator Feedback is welcome. with kind regard Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Custom Authenticator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas, On 6/1/16 7:15 AM, Thomas Meyer wrote: > Hi, > > How do I get a custom mapping set in > ContextConfig.setCustomAuthenticators? ( > https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/start up/ContextConfig.html#setCustomAuthenticators(java.util.Map) > > ) > > I want to add a custom mapping for lets say BEARER to a my > Authenticator. I searched the source code but nobody seems to call > this method. So how and where should this map be configured? Do you mean that you want to replace FORM or CLIENT-CERT in web.xml with BEARER and have it use your authenticator? Would you be okay if you just ignored the and installed your own authenticator? Because you can do that just by registering your CustomAuthenticatorValve in your valve chain for your application. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAldO40AACgkQ9CaO5/Lv0PBKCwCgkPlnOXK1U01agZ152xdQrKbr NKcAoMI1CZZUZf5cSVLvN4cZ75Ho5+qf =njpx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Custom Authenticator
You can also implement custom LoginModule according to the JAAS specification. JAAS tutorial and LoginModule example is included in the JDK documentation. | -Original Message- | From: Arash Bijanzadeh [mailto:[EMAIL PROTECTED] | Sent: Thursday, February 02, 2006 7:21 AM | To: users@tomcat.apache.org | Subject: Custom Authenticator | | | Hi, | I need to implement my custom authenticator to do some extra | comfig i user session beside the authentication. How can I | achive this? Is there a way to do authentication besides | rigid j_check_security? | | -- | from debian manifesto: | Debian Linux is a brand-new kind of Linux distribution. | Rather than being developed by one isolated individual or | group, as other distributions of Linux have been developed in | the past, Debian is being developed openly in the spirit of | Linux and GNU. | - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom Authenticator
Have You thought about a request filter? All it has to do is watch for authenticated sessions that are missing some critical session attributes. Fill in the missing info as needed. -David Arash Bijanzadeh wrote: Hi, I need to implement my custom authenticator to do some extra comfig i user session beside the authentication. How can I achive this? Is there a way to do authentication besides rigid j_check_security? -- from debian manifesto: Debian Linux is a brand-new kind of Linux distribution. Rather than being developed by one isolated individual or group, as other distributions of Linux have been developed in the past, Debian is being developed openly in the spirit of Linux and GNU. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]