tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arto Pastinen <>
Subject about authentication
Date Mon, 27 Dec 2004 08:48:18 GMT

Can someone explain how tomcat handles authentication.

My problem is, that i must access secure EJB's from my web application,
and everything work fine, if i use tomcat's basic or form
authentication, but the problem is that i cannot show login page (basic
or form), and i will use static principal & credential.

I have make security filter, which login to loginmodule
( in filter, and login seems to

i put subject to session, and i use it in my code:

 Subject s = (Subject)
System.out.println("Delegate.test() subject: " + s);
s.doAs(null, new PrivilegedAction() {
  public Object run() {        
    try { 
DocumentControllerHomeLocal home =

DocumentControllerLocal local = home.create();

        catch(Throwable t) {
  return null;			        

That system.out show's me that correct principal / credential is
associated with subject, so login in success when i get home object. (by
springframework JndiAccess) but it just wont work!
authentication data is not marshalled with (home.create()) RMI call, no
matter what i try.

I have tried to search what tomcat do in different way in basic
authentication, but i am very busy, and i have no time to read all
authentication code.. so i will be very happy every help.

btw. i use jboss..

Thnx already, Artsi

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message