tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carreira, Jason" <>
Subject RE: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core R
Date Mon, 25 Oct 1999 21:56:20 GMT
> I see 3 solutions:
> - ServerAdapter ( isUserInRole() is not request-specific, you 
> can call it for any user, and outside
> a Request context). Defaults should be used if the server 
> doesn't support that ( IIS, etc), in
> case the adapter doesn't support it
> - Make it a "deployment" issue ( how we configure to keep the 
> configs in sync ).
> - make it part of the "security" framework. You can have an 
> "ApacheRealm", and do
> security callbacks to apache.  Again - we need an interface 
> to allow callbacks to Apache,
> but in this case the "Adapter" needs to provide generic 
> support for callbacks, and you
> can use in the security framework.

Just my $.02, but I think it would make the most sense to have a
ServerAdapter for lots of server-specific services, one of which would be a
getRealmAdapter() or somesuch to get an instance of a security framework
service provider (the ServerAdapter would know what security framework
service provider it wants to use)... kind of a combination of your 1 and

then you could have an ApacheServerAdapter that talks specifically to
Apache, and an ApacheRealmAdapter that does authentication and role-to-group

View raw message