(primarily for Fjodor but feel free to comment as you see fit)
Consensus to date is that a Valve will be the best integration point.
Given that the implementation will need access to Tomcat's internals,
I'd suggest either use the existing org.apache.catalina.authenticator
package or create a new org.apache.catalina.jaspic package
I can think of a couple of different ways for you to get started. Feel
free pick one (or more) of these or choose your own.
1. AuthConfigFactory
- Create the Tomcat specific AuthConfigFactoryImpl (just stub out
the methods to start with
- Fix the various issues with AuthConfigFactory
- Replace the stubs with actual implementations and provide any
additional supporting code as you go.
2. Authenticator
- Create a JaspicAuthenticator class (will need to be a Valve).
- To start just have the Valve pass the request/response down the
pipeline
- Register a new web.xml authentication method "JASPIC-BASIC" and
link it to the new Valve the same way the BasicAuthenticator is
linked to the "BASIC" authenticaton method.
- Implement BASIC auth using the JASPIC API, providing any necessary
supporting code as you go.
- Keep in mind that this Valve is going to have to support any
JASPIC authentication module but don't worry too much about
getting Valve architecture right first time. You can always
refactor things later
As always, if you have any questions feel free to ask them on the dev list.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
