Remon,

On 10/19/2011 7:57 AM, Remon Sadikni wrote:
> I managed to get it working. If you are interested in my solution
> for Tomcat 6: I extended the Valve RequestFilterValve and overwrote
> the method process with this content:
> 
> // Check the allow patterns
> for (int i = 0; i < allows.length; i++) {
>     if (allows[i].matcher(property).matches()) {
>         // create a principal for an existing fake user
>         final List<String> roles = new ArrayList<String>();
>         roles.add("ROLE");
>         final Principal principal =
>             new GenericPrincipal(null, "USER", "PASS", roles);
>         // set the principal in this request
>         request.setUserPrincipal(principal);
>     }
> }
> // pass this request to the next valve (basic authentication)
> getNext().invoke(request, response);
> return;

If you overrode the process() method (and I'm sure you changed other
things, too, since the variable "allows" is not part of
RequestFilterValve), then you really aren't getting anything by
extending RequestFilterValve.

Note that there has been some grumbling on the list about the use of
Matcher.matches() instead of Matcher.lookingAt(): you might want to
consider your requirements before choosing one over the other: most
regular expression folks will expect the behavior of lookingAt and not
matches().

> If the User has an allowed IP address, the UserPrincipal will be
> set in this request, so that the next valve (the Basic
> Authentication) will not show the login window. If the User has
> another IP address, the request will be forwarded to the next valve
> without any changes, so that you need to log in.

Hey, that's an idea: I didn't think of just shoving the principal into
the request. Just be aware that you will do this on every request,
because Tomcat isn't storing the Principal anywhere to maintain the
"login".

> At first I tried solving it with RequestWrappers and changing
> Headers, but that failed, because the Basic Authentication Method
> tests for the UserPrincipal.

It should be doing both, but the Principal is more efficient because
you don't have to use a "real" user that can be authenticated using the
webapp's Realm.

-chris
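
The difference between Matcher.matches() and Matcher.lookingAt() raised in the reply above, applied to an IP allow list. This is an added example, not code from the thread or from Tomcat; the class name, the patterns and the sample addresses are constructed for illustration.

```java
import java.util.regex.Pattern;

public class AllowPatternDemo {
    // Constructed allow patterns: one meant for a single host,
    // one meant for a whole /24 written as an explicit prefix.
    static final Pattern SINGLE_HOST = Pattern.compile("192\\.168\\.1\\.1");
    static final Pattern SUBNET = Pattern.compile("192\\.168\\.1\\..*");

    // Whole-string semantics: the entire remote address must fit the pattern.
    static boolean allowedByMatches(Pattern allow, String remoteAddr) {
        return allow.matcher(remoteAddr).matches();
    }

    // Prefix semantics: the pattern is anchored at the start only,
    // so any trailing characters in the address are ignored.
    static boolean allowedByLookingAt(Pattern allow, String remoteAddr) {
        return allow.matcher(remoteAddr).lookingAt();
    }

    static void report(String label, Pattern allow, String[] addrs) {
        System.out.println(label + "  pattern: " + allow.pattern());
        for (String addr : addrs) {
            System.out.printf("  %-16s matches()=%-5b lookingAt()=%b%n",
                    addr,
                    allowedByMatches(allow, addr),
                    allowedByLookingAt(allow, addr));
        }
    }

    public static void main(String[] args) {
        // Constructed sample addresses: the intended host, two neighbours
        // that share its textual prefix, and an unrelated network.
        String[] samples = {
            "192.168.1.1", "192.168.1.10", "192.168.1.199", "10.0.0.5"
        };
        report("single host", SINGLE_HOST, samples);
        report("subnet     ", SUBNET, samples);
    }
}
```

With the single-host pattern, lookingAt() also admits 192.168.1.10 and 192.168.1.199 because they begin with the same text, while matches() admits only 192.168.1.1; the subnet pattern behaves the same under both because it already consumes the rest of the string.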
