Tomcat, Vaadin, and Authentication

First, a statement of the problem: a Vaadin application that needs to authenticate users in a manner compatible with Tomcat's container-based authentication (8.5, preferably). Vaadin goes to some lengths to prevent me accessing the HttpServletRequest directly, where I could use login() or authenticate(). They have a login control that can post to a form URL which I might be able to make work. Currently, I have a sort of working solution that checks passwords against the same database as Tomcat, but I need to access the credential handler from Tomcat to match anything other than passwords stored in plaintext. The current solution works fine in dev but obviously is a non-starter in production. Also, dev is running on Jetty and doesn't have the environment set up properly to match Tomcat. So whatever I do also has to work there, even if it doesn't quite work the same way.

I can get a RequestListener but it doesn't give me access to the methods I need. I'd rather not post to the form handler... although maybe that will work. I'll at least try it.

I think I will try to configure an instance of the credential handler in the context. That way I can run credentials through exactly as Tomcat would in production, and in dev, it just won't be configured so I can do something else.
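One way to do this check, as an added example that is not the author's code: Tomcat 8.5 publishes the Realm's CredentialHandler as a ServletContext attribute, so the application can ask it to compare a submitted password with the stored (possibly hashed) value. The class name, the `allowDevFallback` flag and the plaintext dev comparison are assumptions made for illustration.

```java
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.ServletContext;

/** Added example (hypothetical class): checks a password with Tomcat's CredentialHandler. */
public final class ContainerCredentialCheck {

    // Attribute under which Tomcat 8.5 publishes the Realm's CredentialHandler
    // (the value of org.apache.catalina.Globals.CREDENTIAL_HANDLER). The string
    // is also the fully qualified name of the CredentialHandler interface.
    private static final String HANDLER_ATTR = "org.apache.catalina.CredentialHandler";

    private ContainerCredentialCheck() { }

    /**
     * @param stored           credential as read from the user database (hashed or plain)
     * @param allowDevFallback true only in dev (e.g. Jetty), where no handler is published
     */
    public static boolean matches(ServletContext ctx, String input, String stored,
                                  boolean allowDevFallback) {
        if (input == null || stored == null) {
            return false;
        }
        Object handler = ctx.getAttribute(HANDLER_ATTR);
        if (handler == null) {
            // No handler: fail closed unless the dev fallback was enabled explicitly.
            return allowDevFallback && MessageDigest.isEqual(
                    input.getBytes(StandardCharsets.UTF_8),
                    stored.getBytes(StandardCharsets.UTF_8));
        }
        try {
            // Resolve the interface reflectively so this class still loads on Jetty,
            // where the Tomcat classes are not on the classpath.
            Class<?> api = Class.forName(HANDLER_ATTR, false,
                    handler.getClass().getClassLoader());
            Method m = api.getMethod("matches", String.class, String.class);
            return Boolean.TRUE.equals(m.invoke(handler, input, stored));
        } catch (ReflectiveOperationException | RuntimeException e) {
            return false; // fail closed on any error
        }
    }
}
```

In a Vaadin UI the ServletContext can be obtained with `VaadinServlet.getCurrent().getServletContext()`. Keeping `allowDevFallback` off in production means a missing handler rejects the login instead of silently reverting to a plaintext comparison.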

This entry was published Thu Jul 25 09:52:01 CDT 2019 by Matthew and last updated 2019-07-25 09:52:01.0.
