tomcat-dev mailing list archives

From Assaf Arkin
Subject Re: Security in tomcat
Date Fri, 11 Feb 2000 20:09:07 GMT
JAAS is sort of a work in progress. Some of the ideas there are very
good, and I plan to use them, some stuff is just not well specified, so
we'll need to figure that out as we go along.

JAAS is not dependent on 1.3. Caller-based permissions are available in
1.3 only, but for Tomcat you only need role-based permissions, so it can
be done with 1.2.


Geoff Soutter wrote:
> > There are 3 issues with implementing security:
> >
> > 1. User authentication - a simple interceptor can handle that, it will
> > check for "user" and "password" and use its own database to check if it
> > matches. For example an LDAP auth interceptor will look into LDAP, etc.
> I'm no expert on this, but JAAS would be cool to use with this, but it's
> JDK1.3 only :-(
> it supposedly lets you plug in to any back end for authentication
> I think it comes with a JNDI back end that would do LDAP for you?
> I suppose you could have a (single) JAASAuthInterceptor for those that are
> running 1.3, and (multiple) others for those that are not.
> geoff

Assaf Arkin                                 
CTO, Exoffice Technologies, Inc.              
