tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: help for a realm author
Date Sun, 02 Feb 2003 23:34:33 GMT


On Sun, 2 Feb 2003, Tony Dahbura wrote:

> Date: Sun, 02 Feb 2003 15:56:01 -0500
> From: Tony Dahbura <tony@dahbura.com>
> Reply-To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> Subject: help for a realm author
>
> Team:
> When tomcat is configured to support client side certificates for
> authentication-what method does it call in a realm package?
>

Have a look at the authenticate() method in
org.apache.catalina.authenticator.SSLAuthenticator, and you'll see that
Tomcat calls the Realm.authenticate() method that takes a certificate
chain as an argument.  If your Realm implementation subclasses RealmBase
and you don't override it, the version of this method in
org.apache.catalina.realm.RealmBase will get executed.

> For instance for form and uid/password authentication it calls the
> method
> public Principal authenticate(String username, String credentials)
>
> For a certificate based access model is there another method tomcat will
> call in the realm module?  I am trying to add certificate support to my
> realm module and do not see much info on this?
>
> I would assume that Tomcat would support calling into a realm module
> when client side certificates are enabled or is this handled differently
> and outside of  the domain of realm modules-please elaborate if so?
>

Note that none of the above actually happens unless the user tries to
access a webapp resource that is protected by a security constraint.

> I may start the document on how to build realm modules as it has been
> marked as a fixme for quite some time if the group thinks this would be
> helpful.
>

That would be a very useful document.

> Thanks for the assist on the above,
> Tony
>

Craig


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message