I write my own realm implementation for Tomcat 7.x. In the method Principal authenticate(X509Certificate[] certs) I'd like to read request headers. My authentication would be based on client certificate + custom http request value. Is it possible?
The method authenticate is called in
SSLAuthenticator.authenticate(Request request, HttpServletResponse response, LoginConfig config)
But I do not see that the Request object is passed to realm instance. Is there something similar like WebServiceContext that is used for WS?
...
@Resource
WebServiceContext wsctx;
MessageContext mctx = wsctx.getMessageContext();
HttpServletRequest request = (HttpServletRequest)
mctx.get("javax.xml.ws.servlet.request");
...