Has anyone used NonLoginAuthenticator? Or know if it is still ok? http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/NonLoginAuthenticator.java?rev=1.3&content-type=text/vnd.viewcvs-markup
From a quick code walkthrough it looks like an authenticator for use when apache propogates the REMOTE_USER. So the only job of the realm is to map Users to roles? (With no authentication)
So the only deviation from the spec is that all login configuration such as FORM, BASIC, ... is ignored. But all role authorization as defined in web.xml and configured in one's Realm is still used.
Does this sound correct?
-Tim
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
