tomcat-dev mailing list archives

From "Craig McClanahan" <>
Subject Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core
Date Mon, 25 Oct 1999 22:26:09 GMT

wrote:

> > >
> > > I'm not sure which is the best way to "expose" Server API (and callbacks), but I would not use
> > > RequestAdapter for "generic" callbacks.
> > >
> >
> > The implementation of RealmConnector that wanted to go back through Apache would cast this reference to the AjpXX-specific protocol adapter
> > class that was needed.  I don't think you need a general "callback" API.
> That's what I try to avoid - casting to a specific adapter.
> We can have an interface containing various methods you need for security,
> and adapters can implement the interface if they know how to.
> My problem - if it's not part of the request, it shouldn't be in RequestAdapter.
> We can add a ServerAdapter, containing methods like "checkUser()", or other
> callbacks you need.

I think the "RealmConnector" interface that I'm proposing is the same ServerAdapter interface you are talking about, because it's got exactly the questions needed to satisfy the servlet container's questions -- although Harish has pointed out a needed change in the authenticate() method.  So, if the Apache protocol adapter implemented this directly (and we arranged so that the Context knows about it, which is actually a harder trick), it could be used as the RealmConnector implementation.

On the other hand, I would argue that casting is still the better approach, for a couple of

* It's only needed when you are integrating into an existing
  web server through a protocol adapter.  This won't be the
  case when you use an app server's capabilities directly
  (i.e. embed Tomcat inside a J2EE server), or when you
  are using a Directory Server via JNDI, or a database table
  via JDBC.

* The capabilities of each web server with which you might
  want to integrate are not all the same.  The "protocol" side
  of the adapter should speak in the terms of the underlying
  web server's security model, while the "container" side should
  speak in the language of the servlet spec's security vocabulary.

The casting is only done inside an Apache-specific RealmConnector implementation, which already knows that it's talking to Apache's security model.  It also lets you neatly encapsulate the mapping between vocabularies in a single place, instead of having to force the question into a generic ServerAdapter interface, and then back into a protocol-specific request (say, inside the AJPv12 adapter).
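
The design argued for in the message above, as an added Java sketch that is not Tomcat's code and not from the thread's participants: every type and signature here (`RequestAdapter` as an empty interface, `RealmConnector.authenticate`, `Ajp12Adapter.askApache`, the constructed user table) is a hypothetical stand-in. It shows the cast confined to the Apache-specific connector, which denies access when handed any other adapter, while a table-backed connector needs no cast at all.

```java
import java.util.Map;

// Hypothetical stand-ins for the types named in the thread; not Tomcat's real API.
interface RequestAdapter { }                       // request-only concerns

interface RealmConnector {                         // container-side vocabulary
    boolean authenticate(RequestAdapter req, String user, String credentials);
}

// Protocol side: speaks the web server's security model (askApache is assumed).
final class Ajp12Adapter implements RequestAdapter {
    private final Map<String, String> apacheUsers; // constructed sample data
    Ajp12Adapter(Map<String, String> apacheUsers) { this.apacheUsers = apacheUsers; }
    boolean askApache(String user, String password) {
        return password != null && password.equals(apacheUsers.get(user));
    }
}

// The only place that knows about Apache: the cast and the mapping live here.
final class ApacheRealmConnector implements RealmConnector {
    public boolean authenticate(RequestAdapter req, String user, String credentials) {
        if (!(req instanceof Ajp12Adapter)) {
            return false;                          // wrong adapter type: fail closed
        }
        return ((Ajp12Adapter) req).askApache(user, credentials);
    }
}

// A realm backed by a table (standing in for JDBC or JNDI) never needs the cast.
final class TableRealmConnector implements RealmConnector {
    private final Map<String, String> table;
    TableRealmConnector(Map<String, String> table) { this.table = table; }
    public boolean authenticate(RequestAdapter req, String user, String credentials) {
        return credentials != null && credentials.equals(table.get(user));
    }
}

public class RealmDemo {
    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "s3cret"); // constructed sample
        RequestAdapter ajp = new Ajp12Adapter(users);
        RequestAdapter other = new RequestAdapter() { };       // some non-Apache adapter
        RealmConnector apache = new ApacheRealmConnector();
        RealmConnector table = new TableRealmConnector(users);
        System.out.println("apache realm, AJP adapter:   " + apache.authenticate(ajp, "alice", "s3cret"));
        System.out.println("apache realm, other adapter: " + apache.authenticate(other, "alice", "s3cret"));
        System.out.println("table realm, other adapter:  " + table.authenticate(other, "alice", "s3cret"));
    }
}
```

The `instanceof` guard is what keeps the downcast from turning a misconfigured adapter pairing into a `ClassCastException` in the middle of an authentication decision.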

