Search code examples
javatomcatauthenticationtomcat-valve

Multiple Tomcat Authenticator Valves

Is it possible to have multiple authenticator Valves within the same Tomcat context configuration? I know you can have multiple Realms through the CombinedRealm, but what about different authentication methods?

I have to update a web application so that it can use a new authentication source, while still using the legacy authentication source to fall back on.

Here's what I currently have in the application's context.xml:

<Context path="/myApp">
   <Valve className="com.company.NewAuthenticator"/>
   <Valve className="com.company.LegacyAuthenticator"/>

   <!-- Dummy realm to prevent pop-up window -->
   <Realm className="com.company.DummyRealm"/>
</Context>

It appears that NewAuthenticator rejects the user's request, the LegacyAuthenticator is never called. I guess this is expected behavior, but is there another way to make this work?

Details:

  • Tomcat 6.0
  • I have to use Authtenticators, as both custom systems set values in the HTTP Request that determine authentication success/failure and I need to create the custom Tomcat security principals to store the roles.
  • Both authentication sources are custom and non-standard. I have to write my own authenticators.
Solution

  • No, there is no CombinedAthenticator. You have to roll your own implementation.