All geek questions in one place

Tomcat: an arbitrary form authenticator in a web application, not as a separate JAR module. Possible?

Our web application requires individual authentication of the form with a certain logic inside. For the current implementation of the form authenticator, an authentication module is required, call it custom.auth.jar to be present in %CATALINA_HOME%/lib before launching the web application. The web application uses this custom authentication module using the following context.xml directive:

 <Valve className="foo.bar.CustomAuth" characterEncoding="UTF-8"/>

As far as I understand the requirements of Tomcat, this custom.auth.jar module must be present in the Tomcat lib directory before launching the web application, since the web application does not seem to require an authenticator code packaged in the web archive - it always tries to find it in %CATALINA_HOMA%/lib . Otherwise, the web application simply cannot start:

 SEVERE: Parse error in context.xml for /webapp java.lang.ClassNotFoundException: foo.bar.CustomAuth

Due to the specifics of the authentication business logic and some protection, we were forced to introduce some version control of the authentication module and check its version in the application application of the web application β€” if the web application finds an incompatible version of the authentication module (without checking the JAR file provided in the Tomcat library directory, we use reflection instead) - it simply refuses to report a compatibility error between the running web application and the authentication module. Again, the existing authentication module must be specified in context.xml .

Although it protects incompatible versions, this creates some serious difficulties: we cannot run another version of the same application on the same Tomcat instance, because these two applications require different versions of the authentication module. But there can be one version in the Tomcat lib directory.

My question is: is it possible to pack a custom FormAuthenticator directly in a web application without requiring a single version of FormAuthenticator to be downloaded before launching the web application? This would allow you to run as many versions of the web application as we want, and not touch %CATALINA_HOME%/lib at all.

In other words: how can I get Tomcat to take the user authentication module from the web application, and not from its home library directory? Thanks.

+1
source share
1 answer

Valve classes cannot be loaded by the webapp class loader. Take a look at this question.

As a possible solution to the version problem, consider starting different Tomcat instances by overriding the CATLINA_BASE environment variable. Work with individual CATALINA_HOME and CATALINA_BASE is documented in the RUNNING.txt file, which can be found in the Tomcat distribution. I could also share a working example configuration.

+2
source

Source: https://habr.com/ru/post/1491624/

More articles:


All Articles