Externalization of Tomcat Authenticators
There are numerous occassion when the default authentication provided by the servlet spec (BASIC,FORM, CLIENT-CERT, DIGEST) is insufficient for an enterprise. Typical scenarios include integration with an Identity Management Solution from a third party vendor. It also includes custom processing needs, for example, if the authentication process needs to consider headers etc.
Starting JBoss 4.0.4GA, this feature is available as evidenced by the JIRA issue: http://jira.jboss.com/jira/browse/JBAS-2899
(For 4.0.4.GA, please remember to take the patched jar from http://jira.jboss.com/jira/browse/JBAS-3212)
In the jboss-service.xml of jbossweb-tomcat55.sar/META-INF, uncomment the attribute "Authenticators".
In the server.xml file of jbossweb-tomcat55.sar, uncomment the host element with the configClass attribute in it.
<Host name="localhost" autoDeploy="false" deployOnStartup="false" deployXML="false" configClass="org.jboss.web.tomcat.security.config.JBossContextConfig">
There is a configuration in the 4.0 testsuite where this is tested. The configuration is called "tomcat-federation-tests"
> ant tomcat-federation-tests
Information on Authenticators
JBoss AS5 and Beyond
Please look in default configuration section of PicketLinkAuthenticator for guidance.