It's a little bit more complicated. In front of Tomcat, an Apache server is running which does the authentication and delegates the user-id as an http header attribute. A valve will read this header attribute and simulate that the user has been authenticated through basic authentication by doing the following: String auth_string = "Basic " + new String( Base64.encode(username.getBytes()) ); request.setAuthorization(auth_string); A custom realm is plugged in also which access our custom authorization system to get the roles. This realm can be configured to do the authentication or not. Everything works fine. For testing purposes, I wrote a valve which will be called first and sets the header attribute which would be set too by the apache server. So, I can test the whole behaviour without the Apache server in front of. After setting the header attribute in the test-valve I tried to read this attribute again in the valve which simulates basic authentication, but it doesn't work to set an http header attribute in the valve. ******************* BITTE BEACHTEN ******************* Diese Nachricht (wie auch allf�llige Anh�nge dazu) beinhaltet m�glicherweise vertrauliche oder gesetzlich gesch�tzte Daten oder Informationen. Zum Empfang derselben ist (sind) ausschliesslich die genannte(n) Person(en) bestimmt. Falls Sie diese Nachricht irrt�mlicherweise erreicht hat, sind Sie h�flich gebeten, diese unter Ausschluss jeder Reproduktion zu zerst�ren und die absendende Person umgehend zu benachrichtigen. Vielen Dank f�r Ihre Hilfe. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
