tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Dahbura <t...@dahbura.com>
Subject Re: help for a realm author
Date Mon, 03 Feb 2003 14:00:08 GMT
Thanks!  That was the info I was looking for.

Tony


"Craig R. McClanahan" wrote:

> On Sun, 2 Feb 2003, Tony Dahbura wrote:
>
> > Date: Sun, 02 Feb 2003 15:56:01 -0500
> > From: Tony Dahbura <tony@dahbura.com>
> > Reply-To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> > To: Tomcat Developers List <tomcat-dev@jakarta.apache.org>
> > Subject: help for a realm author
> >
> > Team:
> > When tomcat is configured to support client side certificates for
> > authentication-what method does it call in a realm package?
> >
>
> Have a look at the authenticate() method in
> org.apache.catalina.authenticator.SSLAuthenticator, and you'll see that
> Tomcat calls the Realm.authenticate() method that takes a certificate
> chain as an argument.  If your Realm implementation subclasses RealmBase
> and you don't override it, the version of this method in
> org.apache.catalina.realm.RealmBase will get executed.
>
> > For instance for form and uid/password authentication it calls the
> > method
> > public Principal authenticate(String username, String credentials)
> >
> > For a certificate based access model is there another method tomcat will
> > call in the realm module?  I am trying to add certificate support to my
> > realm module and do not see much info on this?
> >
> > I would assume that Tomcat would support calling into a realm module
> > when client side certificates are enabled or is this handled differently
> > and outside of  the domain of realm modules-please elaborate if so?
> >
>
> Note that none of the above actually happens unless the user tries to
> access a webapp resource that is protected by a security constraint.
>
> > I may start the document on how to build realm modules as it has been
> > marked as a fixme for quite some time if the group thinks this would be
> > helpful.
> >
>
> That would be a very useful document.
>
> > Thanks for the assist on the above,
> > Tony
> >
>
> Craig
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message