Is it possible to have multiple authenticator Valves within the same Tomcat context configuration? I know you can have multiple Realms through the CombinedRealm, but what about different authentication methods?
I have to update a web application so that it can use a new authentication source, while still using the legacy authentication source to fall back on.
Here's what I currently have in the application's context.xml:
<Context path="/myApp">
<Valve className="com.company.NewAuthenticator"/>
<Valve className="com.company.LegacyAuthenticator"/>
<!-- Dummy realm to prevent pop-up window -->
<Realm className="com.company.DummyRealm"/>
</Context>
It appears that NewAuthenticator rejects the user's request, the LegacyAuthenticator is never called. I guess this is expected behavior, but is there another way to make this work?
Details:
- Tomcat 6.0
- I have to use Authtenticators, as both custom systems set values in the HTTP Request that determine authentication success/failure and I need to create the custom Tomcat security principals to store the roles.
- Both authentication sources are custom and non-standard. I have to write my own authenticators.
