Good idea!
But I want to have role set as well. Is there an equivalent set method for role?

Thanks for the response!

-Jerry

-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 10, 2002 2:47 PM
To: Tomcat Users List
Subject: Re: Question about login backdoor

On Thu, 10 Jan 2002 [EMAIL PROTECTED] wrote:

> Date: Thu, 10 Jan 2002 13:45:27 -0600
> From: [EMAIL PROTECTED]
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Question about login backdoor
>
> Hi, there,
>
> I have an application running on Tomcat which will be exposed to both
> Internet and Intranet users. I've configured a realm for the Internet
> users. For intranet users, I don't want to manage a user list. A second
> application will be used to authenticate users and do a pass-through login
> to the Tomcat application. I just want Tomcat to recognize all passed
> users as authenticated users. Of course, intranet users will be passed
> login through a special customized link, where I can add customized
> logic. In short, I need a login backdoor besides a realm-based
> authenticator.
>
> My question is how to configure Tomcat to support what I want to do. I
> looked at the Tomcat source code under package
> org.apache.catalina.authenticator.* and could NOT figure out what is
> going on. Could anybody help me or point me to any useful links?
>
> Thanks in advance for your attention.
>

You will notice that, for all of the Authenticator implementations, they check early on if there is already an authenticated user for this request -- for example (from BasicAuthenticator.java):

    Principal principal =
        ((HttpServletRequest) request.getRequest()).getUserPrincipal();
    if (principal != null) {
        return (true);
    }

So, you could either modify one of the existing Authenticators, or write yourself a small Valve that is executed BEFORE authentication occurs, to do whatever you need to authenticate the user, then call:

    Principal principal = ... implementation of java.security.Principal ...
    request.setUserPrincipal(principal);

before passing the request on. Now, the standard Tomcat authenticator will assume that the user has already been validated.

You might still run into issues if you are using roles (and not just authenticated users), because your pseudo-Principal won't have any roles associated with it. That would require a "real" Realm so that Tomcat can look up the roles for a particular user.

> -Jerry Fang
> (512)602-0160
>

Craig

--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
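
A sketch of the pre-authentication Valve described in Craig's reply, added here as an example (it is not code from the thread or from Tomcat itself) and written against the Tomcat 4.x Catalina Valve API. The class name, the `X-Intranet-User` header and the `trustedAddress` property are hypothetical, and it assumes the second (authenticating) application is the only host able to connect from that address and that the valve is placed ahead of the authenticator in the pipeline.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.ValveContext;
import org.apache.catalina.valves.ValveBase;

/** Hypothetical valve; it must run before the authenticator valve. */
public class IntranetPassThroughValve extends ValveBase {

    // Hypothetical header set by the authenticating application on forwarded requests.
    private static final String USER_HEADER = "X-Intranet-User";

    // Address of the authenticating application; while unset, nothing is trusted.
    private String trustedAddress = null;

    public void setTrustedAddress(String trustedAddress) {
        this.trustedAddress = trustedAddress;
    }

    public void invoke(Request request, Response response, ValveContext context)
            throws IOException, ServletException {
        if (request instanceof HttpRequest) {
            HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
            final String user = hreq.getHeader(USER_HEADER);
            // Fail closed: the header counts only when the request comes from
            // the configured address. Anyone else sending it is ignored and
            // falls through to the normal realm-based login.
            boolean trusted = trustedAddress != null
                    && trustedAddress.equals(hreq.getRemoteAddr());
            if (trusted && user != null && user.trim().length() > 0
                    && hreq.getUserPrincipal() == null) {
                // Pseudo-Principal with a name but no roles: role-based
                // constraints still need a real Realm, as the reply notes.
                ((HttpRequest) request).setUserPrincipal(new Principal() {
                    public String getName() { return user; }
                });
            }
        }
        // Pass the request on; the authenticator returns early when a
        // principal is already present.
        context.invokeNext(request, response);
    }
}
```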
