tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: authorization providers (was More on JAAS)
Date Thu, 20 Apr 2000 00:34:47 GMT
> I think we're in total agreement on this intent.  And I even think that you summarized
> (much more concisely) what I was trying to say.
> The issue that raised this long-winded thread was design choices in implementing this
> conclusion.  Tomcat 3.x combines the two concepts in one class (but lets you subclass
> change realm implementations); Catalina separates the two concepts and lets you combine
> your favorite authentication mechansim and an adapter to your favorite security provider
> composition instead.

Wrong - tomcat 3.x provide a sample authentication interceptor. The intent was to keep it
simple and concise - so people can easily read the code.
Extending it is just one way to reuse the code inside, and it's probably the easiest.
It's just a prove of how easy it is to add authentication to tomcat - it's 1/2 day of work,
with a lot of time spend in decoding the password.


View raw message