geronimo-dev mailing list archives

From Jeff Genender <jgenen...@apache.org>
Subject Re: A Tomcat deployment question
Date Wed, 16 Feb 2005 15:09:03 GMT


anita kulshreshtha wrote:
> Oops! I apologize for the keyboard malfunction. Please
> ignore my other mail.
> --- Jeff Genender <jgenender@apache.org> wrote:
> 
> 
>>
>>anita kulshreshtha wrote:
>>
>>>--- Jeff Genender <jgenender@apache.org> wrote:
>>><snip>
>>
>>the jetty like webapp classloader would not work.
> 
> 
> Thanks for the info., I will dig deeper into this.
> 
> 
>>We should be able to use Tomcat's security.  It's
>>just a matter of 
>>declaring the proper realm.  The realm model
>>supports pluggable security 
>>components, so this should work fine.
> 
> 
>    I do not see why we need to do that. Geronimo
> already provides equivalents of memory, JDBC and JAAS
> realms. Earlier there was a conversation about
> Geronimo  providing LDAP based authentication. Am I
> missing something? 

The point is that the security model is pluggable. If you want to use 
Geronimo's security, then the Realms have been created for you to do so 
(i.e. TomcatJAASRealm for JAAS and TomcatGeronimoRealm for JACC).  If 
you wish to use another (non-Geronimo) security model, just be sure 
there is an appropriate Realm class.  If you want to use Tomcat's 
security only, then feel free to use those Tomcat Realms (although 
Tomcat's version of the JAAS Realm...JAASRealm...will not use JAAS 
correctly with Geronimo, thus the TomcatJAASRealm object has been 
created, which does).

Your question about why we need to do this is answered more from the 
perspective that Tomcat was written to allow a declarative, pluggable, 
security model.  I guess this is a good feature that comes with Tomcat 
and I surely would not want to make an effort to remove it.

As for LDAP, I cannot directly answer that as I was not a part of the 
conversation in the past.  But I can answer that, from a Geronimo/Tomcat 
security perspective, the easiest route here is to write a Geronimo 
client Login Module.  No code changes would be needed in Tomcat at all. 
The TomcatJAASRealm and/or TomcatGeronimoRealm will be happy to 
interface with this login module.

> 
> Thanks
> Anita

-- 
Jeff Genender
http://geronimo.apache.org

