Return-Path: 
 <tomcat-dev-return-20728-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 71033 invoked by uid 500); 4 May 2001 06:55:27 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:tomcat-dev-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-dev@jakarta.apache.org>
Reply-To: tomcat-dev@jakarta.apache.org
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 70801 invoked from network); 4 May 2001 06:55:22 -0000
Message-ID: <3AF2522F.25177621@teamware.com>
Date: Fri, 04 May 2001 09:54:39 +0300
From: Antony Bowesman <adb@teamware.com>
X-Mailer: Mozilla 4.73 [en] (WinNT; U)
X-Accept-Language: en,fi
MIME-Version: 1.0
To: TomcatDev <tomcat-dev@jakarta.apache.org>
Subject: Realm implementations
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

Hi,

In TC 3.x authenticate() method of a realm is called for every request. 
(I gather this is changed in 4.x).  

I am implementing a JAAS Realm which authenticates against a back end
EJB user realm.  I want to avoid this authentication for every request
so I have done the following in authenticate()

authenticate()
{
   ...
   JAASRealmPrincipal principal = new
              JAASRealmPrincipal(principalName, lc.getSubject());
   //  Set principal into Tomcat
   req.setUserPrincipal(principal);
   ...
}

so, now if I call getUserPrincipal() I get my JAAS realm that now sits
inside tomcat's RequestImpl.

In 3.2.2b1 the req.getUserPrincipal() method created a SimplePrincipal
if the principal was null so it never returned null.

In 3.2.2b4 it is changed (same as 3.3) and now returns null if there is
no principal.  So, it is sufficient to do this in authenticate()?

--------------------
   if (req.setUserPrincipal(principal) == null)
   {
       // User not authenticated... do authentication
       ...
       JAASRealmPrincipal principal = new
                 JAASRealmPrincipal(principalName, lc.getSubject());
       //  Set principal into Tomcat
       req.setUserPrincipal(principal);
       ...
   }
   else
       // User already authenticated...
       return true;
--------------------

I am assuming the RequestImpl is a per HTTP session object.  Is this
correct?  So, each different HTTP session will get a different
RequestImpl?

If so, when HTTP session times out the authentication for that user is
lost.  Is it possible to keep the HTTP session alive beyond the
configured timeout through some keep alive mechanism?  I have a logical
session that is container independent and there may have been activity
on that session that is not related to the HTTP session and so I want to
prevent Tomcat from losing the authenticated context. 

How does this fit into TC4?

Best regards
Antony

-- 
Antony Bowesman
Teamware Group 
adb@teamware.com
tel: +358 9 5128 2562
fax: +358 9 5128 2705