top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Tomcat: Realm, access to Request object

+1 vote
532 views

I write my own realm implementation for Tomcat 7.x. In the method Principal authenticate(X509Certificate[] certs) I'd like to read request headers. My authentication would be based on client certificate + custom http request value. Is it possible?

The method authenticate is called in
SSLAuthenticator.authenticate(Request request, HttpServletResponse response, LoginConfig config)

But I do not see that the Request object is passed to realm instance. Is there something similar like WebServiceContext that is used for WS?

...
 @Resource
 WebServiceContext wsctx;
 MessageContext mctx = wsctx.getMessageContext();
 HttpServletRequest request = (HttpServletRequest) 
mctx.get("javax.xml.ws.servlet.request");
...
posted May 20, 2014 by Amit Mishra

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

In Tomcat, the Authenticator is responsible for gathering the credentials. This often requires interaction with the Request and related objects.

The Realm is responsible for validating credentials. Therefore the Realm does not need access to the Request and related objects.

answer May 20, 2014 by Abhay Kulkarni
Similar Questions
0 votes

In my web app, I'd like to re-use the (server-wide) Tomcat Realm that is already being used for HTTP Basic authentication but couldn't find a way how to get hold of the actual Realm instance.

I spent quite some time looking for a solution (complicated by the fact that most Google hits actually referred to the LDAP authentication realm) but found none. Is there a "config-file-only" solution or do I need to dig into the Tomcat source code and come up with my own JNDI ObjectFactory to achieve this ?

+4 votes

Is there any way to not have the password visible in the realm for example for active directory realm?

+1 vote

I want to access the JNDI Directory context in Tomcat8. I've used DirContextURLStreamHandler class which was in Tomcat 7. But now that has been removed.

Can someone tell me how can I access the JNDI Directory Context in Tomcat 8?

+2 votes

I'm running a server with multiple instance of tomcat each instance has some apps deployed & accessed with host:port, like

myhost.com:7777/app1
myhost.com:8888/app2
myhost.com:9999/app3

Is there any way to hide the port from users & making app URL simpler with keeping multi instance? like this or any thing near

app1.myhost.com
app2.myhost.com
app3.myhost.com
+1 vote

We have a set up like Apahce (80,443) redirects the request to Tomcat (8080) using mod_jk.

The new requirement is to route the request from the same apache to another tomcat (8090). Hence I made the different config file for apache with different ports (86,4444) and different worker for mod_jk which routes the request to tomcat.

Now the issue is when I hit the url http://:86 and after providing the credentials, it is redirecting to https://:86 and throwing the below error.

Error in browser:

Secure Connection Failed

An error occurred during a connection to x.x.x.x:86. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

Error in logs:

"x16x03x01" 501

[Thu Jan 08 08:22:46 2015] [debug] ssl_engine_io.c(1523): OpenSSL: I/O error, 11 bytes expected to read on BIO#1bf568 [mem: 1f3930]
[Thu Jan 08 08:22:46 2015] [debug] ssl_engine_kernel.c(1806): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Thu Jan 08 08:22:46 2015] [info] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Thu Jan 08 08:22:46 2015] [info] Connection to child 3 closed with abortive shutdown(server pritoolvca1.sw.ericsson.se:443 [2], client 153.88.164.216)
[Thu Jan 08 08:23:53 2015] [error] [client 172.17.136.153] Invalid method in request x16x03x01

Could you please suggest where it might went wrong and the way forward..

...