To: dev@tomcat.apache.org
From: "Jack"
Subject: The original Realm
Date: Fri, 20 Jan 2006 04:53:49 -0500

"Terry Zhou" wrote in message news:daa09eb00601200137k6e9fa75cr@mail.gmail.com...
>Tomcat does have a realm at different levels (Engine, Host, Webapp) for
>security.
>Check http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

Personally, I believe that the original Realm mixed up the authentication & authorization. It should be separated into Authorizer & UserRealm.

The reason why I suggest adding a user package is that the source code of the original implementation is not easy to integrate into the source code of the web-app.

Principal is web-app dependent

HttpServletRequest.getRemoteUser() returns the name of the user of the request. When we use certificates, the returned object is not well defined since there is no name here.

HttpServletRequest.getUserPrincipal() doesn't have a good definition, either. It just says the principal name of the current authenticated user. So, what is in the returned Principal object is up to the container, too. However, the reason to have such a method is to let the web-app access it. And so, the returned Principal should be web-app dependent. We had better ask the web-app to implement the Principal if the web-app cares who the user is. In such a case, we had better leave the authentication to the web-app (in UserContext), too. If the web-app doesn't care at all, then we can use GenericPrincipal as in the current implementation.

jackzhp@hotmail.com