tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: default JAAS realm for StandardEngine
Date Mon, 07 Apr 2003 15:31:10 GMT


Costin Manolache wrote:

>Amy Roh wrote:
>
>  
>
>>What's the background for StandardEngine returning JAAS realm by default
>>when its realm is null?
>>    
>>
>
>It was discussed few times. This is only the default - it should be possible
>to override it ( if not - it's a bug ).
>
Well, I would prefer having to set it outside the class instead of doing:

    public Realm getRealm() {
        Realm configured=super.getRealm();
        if( configured==null ) {
            configured=new JAASRealm();
            this.setRealm( configured );
        }
        return configured;
    }


This introduce a bug because if you want to set a different Realm for 
each Context, the Engine default value will override the Context one. 
IMBW, but from the test I'm doing using the embedded interface, I always 
received the engine one instead of the Context one.

Why not setting the realm outside StandardEngine? We will still supports 
JAAS as default.

-- Jeanfrancois

>
>The rationale is simple - JAAS is the standard for authentication in java:-)
>And since other systems use JAAS, it would be easier to integrate and to
>develop auth modules. 
>
>I don't know if we'll get to refactor the database and LDAP module to 
>JAAS login modules - that would make them useable in other apps, but 
>it will be a bit harder to configure.
>
>The config for JAAS may be a bit tricky - if you want to try it,
>I used: 
>
>Tomcat-Standalone {
>    org.apache.catalina.realm.JAASMemoryLoginModule Required
>pathname="/opt/50/conf/tomcat-users.xml"
>    ;
>}
>in ~/.java.login.config
>
>
>Costin
>
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message