-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Saurabh,
On 5/25/16 10:33 PM, saurabh.su...@rbs.com.INVALID wrote: > I am already extending JAASCallbackHandler and getting Name and > password through that. How can we get HTTLServletRequest through > JAASCallbackHandler? I'm interested in a similar feature, too. It would be great if an arbitrary authenticator component could get access to the HttpServletRequest -- mostly to get the remote user's IP address. One of the reasons we can't use Tomcat's container-provided authentication and authorization is because we can't properly-log source information when authentication fails. Theoretically speaking, we wouldn't really need access to the HttpServletRequest from within the Realm, but that would require a new component like an AuthenticationListener that would get notifications about success/failure of an authentication attempt, and could include information such as the HttpServletRequest object itself, or perhaps some selected pieces of useful connection information (e.g. client certificate, source IP address, ports, etc.). - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAldHFB8ACgkQ9CaO5/Lv0PAn8wCdE1h/gZXNA3DrkYuFuG8DQrQF o7gAn2FI/kEp/Pn80vD7qa6DcdjAOLtE =P34z -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
