Re: tomcat security authenticator
2012/6/28 Komáromi, Zoltán komaromi.zol...@horticosoft.hu: Hi, I need to use custom authenticator, because a part of application is using container authentication, and unfortunately the usersernames in realm conflicts with usernames in application database. :( So I need, that if anibody is logged in to my application, then the authenticator automatically authorizes when needed. I think, if I replace the FormAuthenticator with an descendant, it'll solve the problem. To extend FormAuthenticator is simple, but how can I make Tomcat to use it? 1) Why not a Realm? 2) An Authenticator is a Valve and is configured like any other valve. If one is present, Tomcat will not configure its own. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat security authenticator
1. Why not a Realm? Because the authentication depends on session attribute, and I want to bypass the form if user is logged in. So is this correct? Valve className=hu.kozo.security.MyFormAuthenticator / The tomcat's doc says, that Java class name of the implementation to use. This MUST be set to org.apache.catalina.authenticator.FormAuthenticator. Tnaks for help. 2012/6/28 Konstantin Kolinko knst.koli...@gmail.com: 2012/6/28 Komáromi, Zoltán komaromi.zol...@horticosoft.hu: Hi, I need to use custom authenticator, because a part of application is using container authentication, and unfortunately the usersernames in realm conflicts with usernames in application database. :( So I need, that if anibody is logged in to my application, then the authenticator automatically authorizes when needed. I think, if I replace the FormAuthenticator with an descendant, it'll solve the problem. To extend FormAuthenticator is simple, but how can I make Tomcat to use it? 1) Why not a Realm? 2) An Authenticator is a Valve and is configured like any other valve. If one is present, Tomcat will not configure its own. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat security authenticator
2012/6/28 Komáromi, Zoltán komaromi.zol...@horticosoft.hu: 1. Why not a Realm? Because the authentication depends on session attribute, and I want to bypass the form if user is logged in. When I used Tomcat's realm to authenticate users , that was a issue than I missed : to access to session enviroment or context enviroment. I had to try Spring Security because it implements this feature I understand that authentication is a previous step to accessing web application, but , sometimes, it's required to update session enviroment . For example, to forward to a custom error page , with a diferent message error ( user not found, user is already logged, etc. ) Some of these things I could solve with filters temp registers in database, but I don't like it - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat security authenticator
I think, if I replace the FormAuthenticator with an descendant, it'll solve the problem. To extend FormAuthenticator is simple, but how can I make Tomcat to use it? I tested this out at one time but it was never placed in production. My terse notes, which might be leaving something out, on doing this are: In web.xml define auth-method as: auth-methodFORMOIT/auth-method Extract org/apache/catalina/startup/Authenticators.properties from catalina.jar add line: FORMOIT=mynewpackage.NewFormAuthenticator Update catalina.jar jar -uf catalina.jar org/apache/catalina/startup/Authenticators.properties HTH, Kris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat security authenticator
so the client will need to encrypt the data before the client puts the data on the wire? in that case you'll want to take a look at configure both the client transmitting the secured data and server ACK or responding with encrypted resp via JSSE http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html Fun Stuff Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Subject: Re: tomcat security authenticator From: kris.eas...@colorado.edu To: users@tomcat.apache.org Date: Thu, 28 Jun 2012 07:51:58 -0600 I think, if I replace the FormAuthenticator with an descendant, it'll solve the problem. To extend FormAuthenticator is simple, but how can I make Tomcat to use it? I tested this out at one time but it was never placed in production. My terse notes, which might be leaving something out, on doing this are: In web.xml define auth-method as: auth-methodFORMOIT/auth-method Extract org/apache/catalina/startup/Authenticators.properties from catalina.jar add line: FORMOIT=mynewpackage.NewFormAuthenticator Update catalina.jar jar -uf catalina.jar org/apache/catalina/startup/Authenticators.properties HTH, Kris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat security authenticator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zoltán, On 6/28/12 4:08 AM, Komáromi, Zoltán wrote: 1. Why not a Realm? Because the authentication depends on session attribute, and I want to bypass the form if user is logged in. So is this correct? Valve className=hu.kozo.security.MyFormAuthenticator / The tomcat's doc says, that Java class name of the implementation to use. This MUST be set to org.apache.catalina.authenticator.FormAuthenticator. You must use FormAuthenticator if you want to use Tomcat's FORM authentication. It doesn't mean it's the only valid value for the class attribute. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/s9GsACgkQ9CaO5/Lv0PDUawCeIvQA5lwB5eNyld/vdQ1cTXXP CmIAn3DeIW/bPeAThNunF4VI7J83EMlK =F8Im -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org