tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <cos...@costin.dnt.ro>
Subject Re: authorization providers (was More on JAAS)
Date Wed, 19 Apr 2000 21:38:19 GMT
> > > 1. We define a set of interfaces for a J2EE principal and roles
> > > credentials and a way to authenticate given no user, user/password,
> > > user/certificate, cookie. The container only uses these interfaces.
> >
> > The container will use these interfaces in most cases - "only" is too
> > strong :-)
>
> "Only" as in, if the container makes a request to a login module for the
> purpose of J2EE authentication & authorization it will use just these
> interfaces and no other extensions. If the container talks to someone
> else for any other purpose (say just authentication) it can use any
> other interface that makes sense, however, that is a container issue and
> a generic authentication module is not aware of that.

> > ( and tomcat will use the apache modules if it runs in "integrated"
> > mode - the java interfaces will not be called in this case )
>
> +1 In which case the container needs some other way to authenticate.

I'm a bit confused - who is the container?  I thought tomcat is the servlet
container.



Costin


Mime
View raw message