Hello,
I would like to extend the DigestAuthenticator class or BaseAuthenticator
and use that instead of the tomcat default. I have done that but I don't
know how to have it referenced in web.xml under security-constraint. Or
maybe in server.xml similar to the way you can create a customized Ream and
have it referenced in the server.xml as your custom realm.
Is there a <class-name> element I can add perhaps under security-constraint
element?
I like to add something like this to let tomcat know that it should use this
for authentication instead..
???
<authenticator>
<class-name>com.xxx.MyAuthenticator</class-name>
</authenticator>
???
I have this in my web.xml.
<security-constraint>
<web-resource-collection>
<web-resource-name>MyFooRealm</web-resource-name>
<description>xxx</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>OPTIONS</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
<http-method>HEAD</http-method>
<http-method>PROPFIND</http-method>
<http-method>PROPPATCH</http-method>
<http-method>MKCOL</http-method>
<http-method>COPY</http-method>
<http-method>MOVE</http-method>
<http-method>DELETE</http-method>
<http-method>LOCK</http-method>
<http-method>UNLOCK</http-method>
</web-resource-collection>
<auth-constraint>
<description>xxx</description>
<role-name>xxx</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>Server Realm</realm-name>
</login-config>
<security-role>
<description>Authorized Users Group</description>
<role-name>xxx</role-name>
</security-role>
