Return-Path: <jdev@clarionmag.com>
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 74342 invoked from network); 11 Jul 2000 17:14:26 -0000
Received: from unknown (HELO linumungo.clarionmag.com) (207.161.247.82)
  by locus.apache.org with SMTP; 11 Jul 2000 17:14:26 -0000
Received: from boris ([192.168.1.8])
	by linumungo.clarionmag.com (8.8.7/8.8.7) with SMTP id MAA15224
	for <tomcat-dev@jakarta.apache.org>; Tue, 11 Jul 2000 12:15:11 -0500
Date: Tue, 11 Jul 2000 12:10:34 CDT
X-Mailer: Virtual Access by Atlantic Coast PLC, http://www.soft-shop.com
Message-Id: <VA.00000017.047abb41@boris>
To: tomcat-dev@jakarta.apache.org, Dave Harms <jdev@clarionmag.com>
Subject: Re: Tomcat, Catalina, and Java2
In-Reply-To: <396B4D24.3BB4AA5@eng.sun.com>
From: Dave Harms <jdev@clarionmag.com>
Reply-To: jdev@clarionmag.com

Craig,

> Both Tomcat 3.x and Catalina have the concept of a Realm that separates
> the idea of looking up users and passwords from the idea of where they
> are looked up (the implementation details are a little different, but the
> concept is the same).
>
Thanks, I'll take a closer look at the Realm code. What's missing there for 
me is that I have some special-case authentication - not all access fits 
into a role scheme. So there's role-based authentication for the majority 
of pages, but where it fails there needs to be a check for 
user/page-specific permissions. 

> Contributions for other sources of authentication would certainly be
> useful!
>
I'll see how it goes<g>.

Dave

Dave Harms
jdev@clarionmag.com