tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "mate markovic" <>
Subject tomcat-5.0.27 authentication/authorization
Date Sat, 29 Jan 2005 09:52:13 GMT

You can find discusion here:
tomcat-5.0.27 authentication/authorization

Hi all.

Tomcat, and any other servlet server, when we use
"<auth-method>FORM</auth-method>" with j_security_check,
j_username, j_password and <security-constraint>,
check our user name and password against database
(or anything else - but this wasn't important now) and then
(I think in servlet session?) for repossess.

After that we can access resource specified in <web-resource-collection>
if we have THAT_SOMETHING (role). And THAT_SOMETHING will
be passed automatically to EJB if we use EJB, and so on......

Is it possible to put THAT_SOMETHING from my code i.e. servlet?

For example, if I want to use in JSP other name for j_securi­ty_check,
j_username, j_password, or I want to use other presentation
for my web app like Swing or simmilar?
I could check user name or anything else by myself and then
put THAT_SOMETHING and proceed like I was make
real j_security_check.

Do you know how to do this?

P.S. I can't use JAAS.

Express yourself instantly with MSN Messenger! Download today it's FREE!

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message