As I understood your problem I think that you have to implement your own RequestWrapper as your username is not in an official attribute but a private one. (So tomcat wouldn't know how to give this information to a realm)
More on extending a RequestWrapper: http://java.sun.com/products/servlet/Filters.html#72674 Also note that Realms are tomcat specific. If you are trying o deal with Realms and BasicAuthenticator these will couple your application strongly with tomcat: "Although the Servlet Specification describes a portable mechanism for applications to declare their security requirements (in the web.xml deployment descriptor), there is no portable API defining the interface between a servlet container and the associated user and role information. In many cases, however, it is desireable to "connect" a servlet container to some existing authentication database or mechanism that already exists in the production environment. Therefore, Tomcat 4 defines a Java interface (org.apache.catalina.Realm) that can be implemented by "plug in" components to establish this connection. " From: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.htm > -----Original Message----- > From: Oliver Wulff [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 02, 2003 9:25 AM > To: Tomcat Users List > Subject: Antwort: RE: Antwort: RE: user principal, realm > > > > org.apache.catalina.connector.RequestWrapper > > I'm wondering if I could just implement my custom > authenticator (compare BasicAuthenticator.java) or a > custom Realm. But I don't know how I can register my authenticator. > As mentioned already I want to read the delegated user from a > http header > attribute and register it. Here the way how the > BasicAuthenticator does it: > register(request, response, principal, > Constants.BASIC_METHOD, username, > password); > > My problem, am I free in choosing a constant? I don't have a password > because authentication has been done in the apache server > which is in front > of tomcat. > > I don't know if I have to write a custom authenticator, a > custom Realm or > overwrite RequestWrapper. In all cases, how can I integrate my custom > classes in tomcat? I don't want to build a custom tomcat release. > Integration should be possible by configuration. > > > > > > > ******************* BITTE BEACHTEN ******************* > Diese Nachricht (wie auch allf�llige Anh�nge dazu) beinhaltet > m�glicherweise vertrauliche oder gesetzlich gesch�tzte Daten oder > Informationen. Zum Empfang derselben ist (sind) ausschliesslich die > genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht > irrt�mlicherweise erreicht hat, sind Sie h�flich gebeten, diese unter > Ausschluss jeder Reproduktion zu zerst�ren und die absendende Person > umgehend zu benachrichtigen. Vielen Dank f�r Ihre Hilfe. > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
