private void doConnectorAuthenticationAuthorization( org.apache.coyote.Request req, Request request) { // Set the remote principal String username = req.getRemoteUser().toString(); if (username != null) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authenticate", username)); } if (req.getRemoteUserNeedsAuthorization()) { Authenticator authenticator = request.getContext().getAuthenticator(); if (authenticator == null) { // No security constraints configured for the application so // no need to authorize the user. Use the CoyotePrincipal to // provide the authenticated user. request.setUserPrincipal(new CoyotePrincipal(username)); } else if (!(authenticator instanceof AuthenticatorBase)) { if (log.isDebugEnabled()) { log.debug(sm.getString("coyoteAdapter.authorize", username)); } // Custom authenticator that may not trigger authorization. // Do the authorization here to make sure it is done. request.setUserPrincipal(request.getContext().getRealm().authenticate(username)); } // If the Authenticator is an instance of AuthenticatorBase then // it will check req.getRemoteUserNeedsAuthorization() and // trigger authorization as necessary. It will also cache the // result preventing excessive calls to the Realm. } else { // The connector isn't configured for authorization. Create a // user without any roles using the supplied user name. request.setUserPrincipal(new CoyotePrincipal(username)); } } // Set the authorization type String authtype = req.getAuthType().toString(); if (authtype != null) { request.setAuthType(authtype); } }