ExtendedFormAuthenticator (4.0.3+)
The current Tomcat (5.5.9) FormAuthenticator calls out to the error/login pages using a forward, which gives valves and filters no chance to intercept the state of the post-login attempt. The org.jboss.web.tomcat.security.ExtendedFormAuthenticator class is an extension of the form authenticator that stores the submitted j_username in the session under the attribute name j_username, for use by the form login/error pages. If the includePassword attribute is true, the j_password value is also stored in the session under the attribute name j_password. In addition, it maps any authentication exception found in the SecurityAssociation to the session attribute name j_exception. It is essentially a full replacement for the FormAuthValve and fixes the problems that valve had in getting at the login exception.
Note: this is based on a patched version of org.apache.catalina.authenticator.FormAuthenticator that has been submitted to the Tomcat Bugzilla (id=36136).
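The following login error page shows how a form login/error page consumes the session attributes the valve sets. It is an added example, not code from the original page or from JBoss; the file name loginError.jsp, the HTML layout and the escaping helper are assumptions, and it assumes the ExtendedFormAuthenticator valve is installed so that j_username and j_exception are present in the session (and j_password when includePassword="true"). It repopulates the user name in the form, escaping it so a crafted user name cannot inject markup, writes the exception detail to the server log only, and drops j_password from the session because the page has no use for it.

```jsp
<%-- loginError.jsp: hypothetical form-login error page (an added example, not
     code from the original page or from JBoss). It assumes the
     ExtendedFormAuthenticator valve is installed, so the session carries
     j_username and j_exception (and j_password when includePassword="true"). --%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%!
    /* HTML-escape a value so the user-supplied j_username cannot inject
       markup into this page when it is echoed back into the form. */
    private static String esc(Object o) {
        if (o == null) return "";
        String s = o.toString();
        StringBuffer sb = new StringBuffer(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
%>
<%
    HttpSession s = request.getSession(false);
    Object username = (s == null) ? null : s.getAttribute("j_username");
    Object failure  = (s == null) ? null : s.getAttribute("j_exception");

    // The password is not needed to render this page; if the valve was
    // configured with includePassword="true", drop it from the session now
    // so it does not linger (or get serialized with a persisted session).
    if (s != null) s.removeAttribute("j_password");

    // Keep the detailed reason (for example a LoginException's message) in
    // the server log; the browser only gets a generic message so that a
    // failed attempt does not reveal whether the user name or the password
    // was wrong. Assumption: j_exception holds a Throwable.
    if (failure instanceof Throwable) {
        application.log("form login failed for user '" + username + "'", (Throwable) failure);
    } else if (failure != null) {
        application.log("form login failed for user '" + username + "': " + failure);
    }
%>
<html>
<head><title>Login failed</title></head>
<body>
<p>Login failed. Please check your user name and password and try again.</p>
<form method="post" action="j_security_check">
  <p>User name: <input type="text" name="j_username" value="<%= esc(username) %>" /></p>
  <p>Password: <input type="password" name="j_password" value="" /></p>
  <p><input type="submit" value="Log in" /></p>
</form>
</body>
</html>
```

Point the login-config error page in web.xml at this JSP. The page only needs j_username and j_exception, so the valve can be left at includePassword="false" for it; when includePassword="true" is needed by some other page, remember that the cleartext password sits in the HttpSession and goes wherever the session goes, including the SESSIONS.ser file if session persistence is enabled in context.xml.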
Configuring the ExtendedFormAuthenticator for an Application
To enable the ExtendedFormAuthenticator for your webapp, create a WEB-INF/context.xml descriptor with a Valve element like the following:
<!-- Add the ExtendedFormAuthenticator to get access to the username/password/exception -->
<Context cookies="true" crossContext="true">
    <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
           includePassword="true" />
</Context>
Configuring the ExtendedFormAuthenticator for All Applications
You can add the Valve statement to the jbossweb-tomcat55.sar/context.xml to use the ExtendedFormAuthenticator for all applications.
<!-- The contents of this file will be loaded for each web application -->
<Context cookies="true" crossContext="true">
    <!-- Session persistence is disabled by default. To enable it for all
         web apps set the pathname to a non-empty value:
         <Manager pathname="SESSIONS.ser" />
         To enable session persistence for a single web app, add a
         WEB-INF/context.xml -->
    <Manager pathname="" />

    <!-- Install an InstanceListener to handle the establishment of the
         run-as role for servlet init/destroy events. -->
    <InstanceListener>org.jboss.web.tomcat.security.RunAsListener</InstanceListener>

    <!-- Add the ExtendedFormAuthenticator to all applications by default -->
    <Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
           includePassword="true" />
</Context>