Chapter 6: Advanced Tomcat Features

attribute to the value org.apache.catalina.authenticator.SingleSignOn:

Only one optional attribute is available with this Valve, requireReauthentication. This attribute defaults to false. When requireReauthentication is set to true, the Single Sign-on Valve performs actual re-authentication against each security Realm before accessing a protected resource. When it is set to false (the default), a session cookie is checked for authentication state and the Realm will not be contacted if the user is already signed on.

Restart Tomcat as well as your browser. (This is necessary because most browsers cache credentials for BASIC authentication.) Try accessing the two URLs again, in any order. This time, because the Single Sign-on Valve caches the access credentials across multiple Web applications on the same virtual host, you will be asked to enter the username and password only once. You can test this again by trying the URLs in a different order after restarting the browser (to clear the browser's password cache and create a new session).

Note that BASIC authentication was purposely not used for both applications because the client browser typically caches login usernames and passwords. This Valve is not as useful whenever all the applications use BASIC authentication (because the browser may already cache credentials for BASIC authentication, providing single sign-on capability in this special case). Therefore, depending on the authentication method used by Web applications, your mileage on the Single Sign-on Valve may vary. The Single Sign-on Valve is most effective when multiple authentication schemes are involved (common in most production scenarios).

Form Authenticator Valve

In Figure 6-3, a custom form is used to authenticate the user. Inside Tomcat, the application Context has actually inserted a special Valve to handle this. This automatically inserted Valve is called the Form Authenticator Valve, and it presents the form and handles form submission for user authentication. In most cases, you will not need to modify the default configuration of this Valve. However, in special cases where you need to accept the username and password in a text encoding that is different from the request's text encoding, you can override the default:

Restricting Access via a Request Filter

A Request filter is a very useful Valve that enables you to block or filter specific client requests. This Valve is useful for implementing policies that are based on the characteristics of requests passing through it. These filters are discussed next.

Remote Address Filter

If the className attribute of the component has the value org.apache.catalina.valves.RemoteAddrValve, then a Remote Address Filter is created. A Remote Address Filter enables the
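
An added example (not from the book or the Tomcat project): a short Python check that reads a server.xml and reports, for each Host, whether a Single Sign-on Valve is configured and whether it relies on the session cookie alone or re-authenticates against the Realm, following the requireReauthentication behavior described above. The sample XML, the host names, and the names audit_sso and SAMPLE_SERVER_XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SSO_CLASS = "org.apache.catalina.authenticator.SingleSignOn"

# Constructed sample server.xml fragment (not from the book): two virtual hosts.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
      </Host>
      <Host name="intranet.example" appBase="intranet">
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
               requireReauthentication="true"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""


def audit_sso(server_xml: str) -> dict:
    """Map each Host name to 'none', 'session-cookie' or 'realm-recheck'."""
    root = ET.fromstring(server_xml)
    report = {}
    for host in root.iter("Host"):
        state = "none"  # no Single Sign-on Valve on this virtual host
        for valve in host.findall("Valve"):
            if valve.get("className", "").strip() != SSO_CLASS:
                continue
            # requireReauthentication defaults to false when the attribute is omitted.
            reauth = valve.get("requireReauthentication", "false").strip().lower()
            state = "realm-recheck" if reauth == "true" else "session-cookie"
        report[host.get("name", "?")] = state
    return report


if __name__ == "__main__":
    for name, state in audit_sso(SAMPLE_SERVER_XML).items():
        print(f"{name}: {state}")
```

Hosts reported as session-cookie are the ones where the Realm is not contacted again once a user has signed on.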