Databases
StackOverflow2013
Postsdbo
POTomcat: Custom form authenicator in a web application, not as a stand-alone JAR module. Possible?
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POTomcat: Custom form authenicator in a web application, not as a stand-alone JAR module. Possible?
    text
    copied!<p>Our web application requires custom form authentication with specific logic inside. The current form authenticator implementation requires the authenticator module, let's call it <code>custom.auth.jar</code>, to be present in <code>%CATALINA_HOME%/lib</code> before the web application starts. The web application uses that custom authenticator module using the following <code>context.xml</code> directive:</p> <pre class="lang-xml prettyprint-override"><code>&lt;Valve className="foo.bar.CustomAuth" characterEncoding="UTF-8"/&gt; </code></pre> <p>As far as I understand Tomcat requirements, this module, <code>custom.auth.jar</code>, must be present in Tomcat's <code>lib</code> directory before the web application starts, because the web application does not seem to require the authenticator code packaged with the web archive -- it always tries to find it in <code>%CATALINA_HOMA%/lib</code>. Otherwise the web application simply cannot start:</p> <pre><code>SEVERE: Parse error in context.xml for /webapp java.lang.ClassNotFoundException: foo.bar.CustomAuth </code></pre> <p>Due to the specifics of the authentication business logic and some protection, we were forced to introduce some kind of versioning of the authentication module, and check its version in the web application application listener -- if the web application finds an incompatible version of authentication module (not checking the JAR-file provided in the Tomcat's library directory -- we use reflection instead) -- it simply refuses to start reporting the compatibility error between the web application being tried to start and the authentication module. Again, an <em>existing</em> authenticator module must be specified in <code>context.xml</code>.</p> <p>Despite it protects the incompatible versions, this gives some major difficulties: we cannot start another version of the same application in the same Tomcat instance, because these two applications require different versions of the authentication module. But there can be a single version in the Tomcat's <code>lib</code> directory.</p> <p>My question is: is it possible to package the custom <code>FormAuthenticator</code> directly in the web application not requiring that single version of the <code>FormAuthenticator</code> to be loaded before the web application is being started? This would allow to start as many versions of the web application as we want and do not touch <code>%CATALINA_HOME%/lib</code> at all.</p> <p>In other words: how can I make Tomcat to take the custom authenticator module from the web application, not from its home library directory? Thanks.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload