Our web application requires custom form authentication with specific logic inside. The current form authenticator implementation requires the authenticator module, let's call it custom.auth.jar
, to be present in %CATALINA_HOME%/lib
before the web application starts. The web application uses that custom authenticator module using the following context.xml
directive:
<Valve className="foo.bar.CustomAuth" characterEncoding="UTF-8"/>
As far as I understand Tomcat requirements, this module, custom.auth.jar
, must be present in Tomcat's lib
directory before the web application starts, because the web application does not seem to require the authenticator code packaged with the web archive -- it always tries to find it in %CATALINA_HOMA%/lib
. Otherwise the web application simply cannot start:
SEVERE: Parse error in context.xml for /webapp
java.lang.ClassNotFoundException: foo.bar.CustomAuth
Due to the specifics of the authentication business logic and some protection, we were forced to introduce some kind of versioning of the authentication module, and check its version in the web application application listener -- if the web application finds an incompatible version of authentication module (not checking the JAR-file provided in the Tomcat's library directory -- we use reflection instead) -- it simply refuses to start reporting the compatibility error between the web application being tried to start and the authentication module. Again, an existing authenticator module must be specified in context.xml
.
Despite it protects the incompatible versions, this gives some major difficulties: we cannot start another version of the same application in the same Tomcat instance, because these two applications require different versions of the authentication module. But there can be a single version in the Tomcat's lib
directory.
My question is: is it possible to package the custom FormAuthenticator
directly in the web application not requiring that single version of the FormAuthenticator
to be loaded before the web application is being started? This would allow to start as many versions of the web application as we want and do not touch %CATALINA_HOME%/lib
at all.
In other words: how can I make Tomcat to take the custom authenticator module from the web application, not from its home library directory? Thanks.
Valve
classes cannot be loaded by a webapp class loader. Take a look at the answer to this question.As a possible solution to the versioning issue, consider starting different Tomcat instances by overriding the CATLINA_BASE environment variable. Running with separate CATALINA_HOME and CATALINA_BASE is documented in RUNNING.txt file which can be found in Tomcat distribution. I could also share a working example configuration.