On Wed, 9 Jan 2002, Dan Kha wrote:
> Date: Wed, 9 Jan 2002 15:54:52 -0500 (EST)
> From: Dan Kha <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: TC4.01: custom Authenticator
>
>
> Hi,
>
> I'm interested in writing my own Authenticator implementation. My
> question is, after writing my own implementation, how do I tell Tomcat
> 4.01 to use my own custom Authenticator (and if possible without changing
> Tomcat's source)?
>
The following cookbook steps should get you started:
* Create your own Authenticator implementation. Usually it's
easiest to extend org.apache.catalina.authenticator.AuthenticatorBase
for this, but at a minimum you have to implement Valve.
* Package your Authenticator class in a JAR file and put it in
$CATALINA_HOME/server/lib, *or* leave it in an unpacked directory
structure under $CATALINA_HOME/server/classes (which you might
have to create). As you'll see in the next step, the latter is
probably easier.
* Extract the file "org/apache/catalina/startup/Authenticators.properties"
file from $CATALINA_HOME/server/lib/catalina.jar, into the server/classes
directory
($CATALINA_HOME/server/classes/org/apache/catalina.startup/Authenticators.properties)
* Edit this file to include an entry for a new login method. For example:
FOO=com.mycompany.mypackage.MyAuthenticator
* Modify the web.xml file of apps that want to use this Authenticator
to indicate the use of the new authentication method:
<login-config>
<auth-method>FOO</auth-method>
...
</login-config>
Note that you cannot change any of the elements in web.xml because
they are fixed by the DTD.
> I know that to use the standard authenticators, I add the appropriate
> lines in the web.xml file but I haven't found a way to change that to
> support my own.
>
It should go without saying that you're tying yourself now and forever
more to the Tomcat 4 architecture, but the above should work.
> Does anyone have any ideas?
>
> Thanks in advance,
> Dan
>
> NOTE to anyone thinking of extending FormAuthenticator or
> BasicAuthenticator, you need to get the cvs source since the Tomcat 4.01
> distribution declared those classes as "final".
>
The "final" has been removed from these classes in the HEAD branch (which
is what the nightly builds are created from).
Craig
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
