On 10/25/15 9:40 AM, Milo van der Zee wrote:
> Hello,
>
> There are some default valves available with Tomcat. None of these
> expose the request to later phases in the request cycle. Is it an idea
> to add a valve that does this? And make this available through a
> callback in the jaas loginModule. Just like WebLogic and Websphere do
> it. Or just use a static threadlocal variable in the valve with a static
> getter.
>
> Why?
> If the jaas login module needs to communicate anything to the filter or
> other request phases this is needed. When the request is available this
> info can (for example) be added to the session.
> Or when someone wants to use request info for jaas authentication this
> could also be used.
>
> Thanks for any ideas or comments.

Are you asking about access to the internal Tomcat "Request" object, or are you asking about the HttpServletRequest?

I know it's inconvenient in Tomcat authenticators not to be able to get things like the remote user's IP address -- for example, to log a failed login attempt.

There is some discussion going on right now about using JASPIC as an authentication API; perhaps you could join that discussion and advocate for access to some of this information. I would certainly be interested in having access to information from the user's request during authentication.

-chris
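
The static ThreadLocal valve suggested in the quoted message, applied to the failed-login logging case from the reply, as an added example that is not part of the original thread and not code shipped with Tomcat. The class name `RequestExposingValve` and its two static getters are hypothetical, and the `javax.servlet` package names assume a Tomcat release of that era.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Hypothetical valve (an assumption, not a Tomcat class): binds the current
// request to the worker thread so that code invoked later on the same thread,
// such as a JAAS LoginModule, can read it through a static getter.
public class RequestExposingValve extends ValveBase {

    private static final ThreadLocal<Request> CURRENT = new ThreadLocal<>();

    /** Request bound to this thread, or null when called outside a request. */
    public static Request currentRequest() {
        return CURRENT.get();
    }

    /** Remote address for audit logging, e.g. of a failed login attempt. */
    public static String currentRemoteAddr() {
        Request request = CURRENT.get();
        return (request == null) ? "unknown" : request.getRemoteAddr();
    }

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        CURRENT.set(request);
        try {
            // Continue down the pipeline; authentication and the servlet run
            // on this thread while the binding is in place.
            getNext().invoke(request, response);
        } finally {
            // Always clear the binding. Tomcat pools its worker threads, so a
            // stale reference would attribute the next login attempt on this
            // thread to the previous client's request and session.
            CURRENT.remove();
        }
    }
}
```

A LoginModule would call `RequestExposingValve.currentRemoteAddr()` when `login()` fails. The binding is only visible if the valve runs in the pipeline ahead of the authenticator, and it does not follow a request that continues on another thread (asynchronous processing).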