Mark is correct: request.addHeader has been deprecated in 5.5.x+, and doesn't actually do anything at all. See Mark's response for the correct way to add your own request header.
Alternatively, if the set the userPrincipal on the Request in your Valve, then Tomcat won't bother to try and authenticate the user at all. "Böhringer Jochen" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >Again, put your valve in host, not context if you want it to be called >before authentification Sorry I misunderstood your hint. Now I have this configuration (with Valve and Host element on the same level): [...] <Valve className="de.tccproducts.valves.PenFrameworkAuthenticationValve" /> <Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false"> [...] Now my valve is called before the response the authentication takes place. But adding the Authorization header before the BasicAuthenticator is called does not prevent the BasicAuthenticator from sending back a SC_UNAUTHORIZED. I add the basic authentication header using this method in my valve: request.addHeader("Authorization", "Basic am9jaGVuYjpqb2NoZW5i"); But if I have a look in the BasicAuthenticator implementation I can see, that the basic authenticator reads the header's value using this code: MessageBytes authorization = request.getCoyoteRequest().getMimeHeaders() .getValue("authorization"); So I think the request object I modify does not reflect its changes to the CoyoteRequest the BasicAuthenticator reads the values from. Is there a solution to modify the CoyoteRequest? Regards Jochen --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
