tomcat-dev mailing list archives

From "Craig R. McClanahan" <>
Subject Re: Servlet Spec interpretation FORM-based authentication
Date Tue, 12 Nov 2002 23:47:55 GMT

On Tue, 12 Nov 2002, Algirdas P. Veitas wrote:

> Date: Tue, 12 Nov 2002 16:04:36 -0700
> From: Algirdas P. Veitas <>
> Reply-To: Tomcat Developers List <>
> To: Tomcat Developers List <>
> Subject: Re: Servlet Spec interpretation FORM-based authentication
> Craig,
> Thank you for clearing this up.  Here is what we are ultimately
> trying to do given our requirements.
> We need to introduce the concept of a domain when authenticating users.
> Meaning "jdoe" in "Domain X" is not the same user as "jdoe" in "Domain Y".
> Thus, we would like to add another input tag into the j_security_check
> form so that the user can specify their respective domain.
> Given the current implementation in the FormAuthenticator, is there any way
> that we can gain access to the "domain" parameter after Catalina performs
> authentication while maintaining conformity to the servlet specification?

The set of fields on a form login page is defined in the servlet spec, so
adding extra fields beyond j_username and j_password would break
compatibility with every other servlet container.  Obviously, you can make
that kind of a change in your own copy of Tomcat, but it would be
problematic to do things like that in the standard release.

How most people deal with the issue you raise is to combine the username
and the domain (in your scenario) into the j_username field of the login
(perhaps with usernames like "jdoe@domainx" and "jdoe@domainy" or
something like that), and disambiguate in the Realm implementation as
needed.  That way, you can use the standard container managed facilities
and still be portable.

> Thanks again,
>   Al
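
The following is an added example, not part of the original message and not Tomcat code: a sketch of the disambiguation logic a custom Realm implementation could apply to a composite j_username such as "jdoe@domainx". The class and method names (DomainLogin, parse, authenticate), the character policy and the in-memory STORE are assumptions made for illustration; it needs Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Map;

/** Added illustration: resolve a composite j_username inside realm-style logic. */
public class DomainLogin {
    /** Parsed login name; user and domain are both non-empty. */
    record Principal(String user, String domain) {}

    /** Split "user@domain" into its two parts; return null for anything ambiguous. */
    static Principal parse(String jUsername) {
        if (jUsername == null) return null;
        int at = jUsername.lastIndexOf('@');
        if (at <= 0 || at == jUsername.length() - 1) return null;   // missing user or domain
        String user = jUsername.substring(0, at);
        String domain = jUsername.substring(at + 1).toLowerCase(Locale.ROOT);
        // Assumed policy: no '@' or whitespace in either part, so one string maps to one pair.
        if (!user.matches("[A-Za-z0-9._-]{1,64}") || !domain.matches("[a-z0-9-]{1,63}")) return null;
        return new Principal(user, domain);
    }

    // Constructed sample store: domain -> user -> password. A real realm would hold salted hashes.
    static final Map<String, Map<String, String>> STORE = Map.of(
        "domainx", Map.of("jdoe", "x-secret"),
        "domainy", Map.of("jdoe", "y-secret"));

    /** Returns the authenticated principal, or null on any failure (same result for every cause). */
    static Principal authenticate(String jUsername, String password) {
        Principal p = parse(jUsername);
        if (p == null || password == null) return null;
        String expected = STORE.getOrDefault(p.domain(), Map.of()).get(p.user());
        if (expected == null) return null;
        // Constant-time comparison of the supplied and stored credential bytes.
        boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                           password.getBytes(StandardCharsets.UTF_8));
        return ok ? p : null;
    }

    public static void main(String[] args) {
        System.out.println(authenticate("jdoe@domainx", "x-secret"));  // Domain X's jdoe
        System.out.println(authenticate("jdoe@DomainY", "x-secret"));  // Domain Y's jdoe, X's password
        System.out.println(authenticate("jdoe", "x-secret"));          // no domain given
        System.out.println(authenticate("@domainx", "x-secret"));      // no user given
    }
}
```

Because the login form still posts only j_username and j_password, the page stays portable across containers; only the realm needs to know the "user@domain" convention.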

