tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Aggregate Realms?
Date Fri, 08 Feb 2002 02:58:31 GMT

On Thu, 7 Feb 2002, Marc Tinkler wrote:

> Date: Thu, 7 Feb 2002 19:30:20 -0500
> From: Marc Tinkler <>
> Reply-To: Tomcat Developers List <>
> To:
> Subject: Aggregate Realms?
> Hello,
> Since containers can only have a single realm, I would like to implement a Realm that
acts like an aggregator. It could contain other realms, and delegate authenticate calls to
each one, in order, and the first on that answered would provide the Principal.  This should
be easy to implement, but the hard part is getting a hook into the xml mapper to do the configuration.
> Ideally, you would want the server.xml file to look something like this:
> <Realm className="com.plumbdesign.tomcat.realm.AggregateRealm">
> 	<Realm className="org.apache.catalina.realm.MemoryRealm" />
>       <Realm className="com.plumbdesign.tomcat.realm.ActiveDirectoryRealm"
>              serverName=""
>              domainName="" />
> </Realm>
> My question is, can this be done? Is there any way for a realm to add
> XMLActions to control the way it is deserialized from XML? Any ideas?

Right now, the nested <Realm> elements would not be recognized, because
the pattern matcher matches on things like ".../Context/Realm" but not
".../Context/Realm/Realm".  One option would be to define a bean property
on your AggregateRealm implementation that pointed at an external XML
file, for which you could then construct your own XmlMapper (4.0) or
Digester (HEAD branch) to parse the nested realms, based on the rules that
Catalina normally uses.

In the HEAD branch, Digester also has the ability to recognize some wild
card patterns like "*/Realm" to match a <Realm> element no matter where it
is nested.  It would take some refactoring of how the Digester rules are
created (in ContextConfig), but might be feasible.

> Marc Tinkler

Craig McClanahan

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message