tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amrhein, Thomas" <tamrh...@debis.com>
Subject User Authentication
Date Tue, 21 Mar 2000 15:41:56 GMT
I found some info.

Thomas


Peter Beck wrote:

> Hi!
>
> As far as I have seen, users and roles are read from the static file
> "tomcat-users.xml".
>
> We already have users and passwords in a database and we'd like to use
> them for the homepage as well.
>
> Is there a way to have a servlet or EJB perform user authentication?

Yes, take a look at SecurityCheck - you just need to create an
interceptor
( either by extending SC or using it as a template ).
We will extend this to support JAAS - i.e. any PAM or the native
windows auth ( in 3.2 probably ).

A better solution if you use Tomcat + Apache ( IIS, NES ) is to set
the web server to do the authentication. It's not so easy right now,
because you need to set everything manually, but you can have
the same auth for both web server and servlets.

A third solution is to use your own authentication scheme, and
then you can do it in your servlets.

Costin

Mime
View raw message