tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arkin <ar...@exoffice.com>
Subject Re: authorization providers (was More on JAAS)
Date Wed, 19 Apr 2000 23:29:49 GMT
Costin Manolache wrote:
> 
> > > > 1. We define a set of interfaces for a J2EE principal and roles
> > > > credentials and a way to authenticate given no user, user/password,
> > > > user/certificate, cookie. The container only uses these interfaces.
> > >
> > > The container will use these interfaces in most cases - "only" is too
> > > strong :-)
> >
> > "Only" as in, if the container makes a request to a login module for the
> > purpose of J2EE authentication & authorization it will use just these
> > interfaces and no other extensions. If the container talks to someone
> > else for any other purpose (say just authentication) it can use any
> > other interface that makes sense, however, that is a container issue and
> > a generic authentication module is not aware of that.
> 
> > > ( and tomcat will use the apache modules if it runs in "integrated"
> > > mode - the java interfaces will not be called in this case )
> >
> > +1 In which case the container needs some other way to authenticate.
> 
> I'm a bit confused - who is the container?  I thought tomcat is the servlet
> container.

Tomcat.

To be more generic, a container is a container is a container. It could
be a Servlet container, or it could be a Mailet or Phonelet or EJB or
any other form of container. Tomcat is one such container.

The container authenticates the user against a login module. (Whether
you use JAAS or a different API, the semantics are generally the same)
The container authenticates using some security provider API. JAAS is
one such API. Apache modules is another API.

Some forms of authentication are active (i.e. container goes to module
and say please authenticate 'Joe'/'secret') others are passive (i.e.
container gets prior authentication).

arkin


> 
> Costin
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org

-- 
----------------------------------------------------------------------
Assaf Arkin                                           www.exoffice.com
CTO, Exoffice Technologies, Inc.                        www.exolab.org

Mime
View raw message