tomcat-dev mailing list archives

From Andy Armstrong <>
Subject Re: realms and authentication
Date Tue, 05 Jun 2001 22:31:35 GMT
Antony Bowesman wrote:
> Andy Armstrong wrote:
> >
> > Michael Jennings wrote:
> > >
> > > Thanks for the feedback!
> > >
> > > Does tomcat 3.2.2 currently support JAAS?
> >
> > Not in any explicit sense I think (anyone?),
> JAAS is not explicitly supported by tomcat.  JAAS was only available
> from JDK 1.3, supplied as an extension.  JAAS is now merged into JDK1.4
> but there is no explicit support for JAAS in the servlet API spec 2.3
> although JAAS is gradually gaining momentum.  There has to be some
> reworking to the servlet spec (as well as EJB) to support the concept of
> multiple Principals and the JAAS Subject.

I've just been having a look at this. As you say it would be easy enough
to implement a JAAS realm -- the main problem being how to provide
access to the JAAS Subject. The cleanest route would seem to be just to
expose the Subject directly by adding

  Subject getUserSubject()

to HttpServletRequest() leaving the question of how to change the
handling of Principals to reflect the fact that there can be more than
one under JAAS.

A quick google reveals the question of JAAS/Tomcat integration, but
I couldn't bottom out what the consensus was last time -- the threads I
found just seemed to fizzle out...

Andy Armstrong, Tagish
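
An added example, not part of the original message or of Tomcat's code: one way a realm could map a JAAS Subject carrying several Principals onto the servlet API's single-Principal view. The `UserPrincipal` and `RolePrincipal` types and the helper method names are hypothetical, and treating an ambiguous identity as unauthenticated is an assumption of this sketch.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class SubjectMappingExample {
    // Hypothetical principal types; a real LoginModule would supply its own.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // The servlet API returns one Principal from getUserPrincipal(), while a
    // Subject may hold many. Select by type, and fail closed (null means
    // "not authenticated") unless exactly one user identity is present.
    static Principal userPrincipal(Subject subject) {
        Set<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class);
        return users.size() == 1 ? users.iterator().next() : null;
    }

    // Role checks are answered from the role-type principals only, so a user
    // who happens to be named "admin" is never mistaken for the admin role.
    static boolean isUserInRole(Subject subject, String role) {
        return subject.getPrincipals(RolePrincipal.class).stream()
                .anyMatch(r -> r.getName().equals(role));
    }

    public static void main(String[] args) {
        // Constructed sample Subject, as a LoginModule might populate it.
        Subject subject = new Subject();
        subject.getPrincipals().add(new UserPrincipal("alice"));
        subject.getPrincipals().add(new RolePrincipal("admin"));
        subject.getPrincipals().add(new RolePrincipal("auditor"));
        subject.setReadOnly(); // freeze the principal set after login

        System.out.println("user: " + userPrincipal(subject).getName());
        System.out.println("admin role: " + isUserInRole(subject, "admin"));
        System.out.println("manager role: " + isUserInRole(subject, "manager"));

        // A Subject with two user identities is ambiguous and is rejected.
        Subject ambiguous = new Subject();
        ambiguous.getPrincipals().add(new UserPrincipal("alice"));
        ambiguous.getPrincipals().add(new UserPrincipal("bob"));
        System.out.println("ambiguous: " + userPrincipal(ambiguous));
    }
}
```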
