DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=38658>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=38658 Summary: RFE: AuthenticatorBase.doLogin(request, response, principal) Product: Tomcat 5 Version: 5.5.0 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] A need occasioanlly arisies for users to implement authentication logic inside of their webapp. Currently users must learm/implement the server specifc APIs for Realm & Authenicator to do this, and must also in essence duplicate some of the logic that already exists in existing libs (their own or third party). Some exmaples would be the Tomcat X.509 authenicator, or Form login libs. Tomcat also currently does not have (to my knowledge) is simple API to perform implicit authenctiion (regsitering an HttpSession with a Principal), though this exists in other web server APIs. In response to these needs, a minimal/simple bridge into the authenication services is proposed; at this point only one method is proposed, and in a fashion where minimal coding is required for end users. These 3 new (proposed) methods allow webapps (with classloader access to the server APIs) to implicitly register a Principal with a HttpSession (e.g to implement or use-existing 3rd party Authenticator/Realm systems). However one can envision a facade API (not given here) that that bridges class loaders so that no change is needed to server configs. Such a facade would simply call into the first method given below, and would likely entail tranlating a HttpServletRequest/Resp into the servers HttpRequest/Resp object - a sample is given at the below. Add to org.apache.catalina.authenticator.AuthenticatorBase: public void doLogin(HttpServletRequest request, HttpServletResponse response, Principal principal) { register( (HttpRequest)((RequestFacade)request).getRequest(), (HttpResponse)((ResponseFacade)response).getResponse(), principal, "FORM", null, null); } Add to org.apache.catalina.connector.ResponseFacade: public Response getResponse() { return resp; } Add to org.apache.catalina.connector.RequestFacade: public Request getRequest() { return (Request)request; } I have tested these but in a limited way, and am not certain of the absence of potential ClassCastExceptions. Example form (clear text password) authenicator code; indirectly illustrates possible doLogin(HttpServletRequest, HttpServletResponse, Principal) impl. /** query an existing plain-password (custom form-based login) authenticator/realm, if success login: **/ public static boolean tryLogin(HttpServletRequest request, HttpServletRequest response, String user, String pass) throws Exception { Server server = ServerFactory.getServer(); Service service = server.findService("Catalina"); if (service==null) throw new NullPointerException("login: Cannot load Service 'Catalina'"); Engine engine = (Engine) service.getContainer(); if (engine==null) throw new NullPointerException("login: Cannot load Container for Service 'Catalina'"); Host host = null; String hostname = Strings.norm(request.getHeader("Host")); Object[] o = engine.findChildren(); for (int i=0; i<o.length; i++) { if (!(o[i] instanceof Host)) continue; Host h = (Host)o[i]; if (hostname.equalsIgnoreCase(h.getName())) { host = h; break; } String[] list = h.findAliases(); for (int j=0; j<list.length; j++) if (hostname.equalsIgnoreCase(list[j])) { host = h; break; } } if (host==null) throw new NullPointerException("login: Cannot load Host '"+hostname+"'"); String reqbase = Strings.norm(req.getContextPath())+"/"; Context context = (Context) host.findChild(reqbase); if (context==null) { context = (Context) host.findChild(Strings.clip(reqbase,-1)); } if (context==null) throw new NullPointerException("login: Cannot load Context '"+reqbase+"'"); Manager manager = context.getManager(); HttpSession hses = request.getSession(true); Session session = null; try { session = manager.findSession(hses.getId()); } catch (IOException e) {} if (session==null) throw new NullPointerException("login: Cannot load Session '"+reqbase+"'"); Realm realm = context.getRealm(); LoginConfig config = context.getLoginConfig(); FormAuthenticator auth = null; Pipeline pipe = context.getPipeline(); Valve[] v = pipe.getValves(); for (int i=0; i<v.length; i++) { if (v[i] instanceof Authenticator) { auth = (FormAuthenticator)v[i]; break; } } if (auth==null) throw new NullPointerException("login: Cannot load Authenticator '"+reqbase+"'"); Principal principal = realm.authenticate(user, pass); if (principal==null) return false; session.setNote(Constants.FORM_PRINCIPAL_NOTE, principal); session.setNote(Constants.SESS_USERNAME_NOTE, user); session.setNote(Constants.SESS_PASSWORD_NOTE, pass); auth.doLogin(request, response, principal); return true; } addtl keywords: sso x509 logon pam -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
