tomcat-users mailing list archives

From Steven Maring <Steven.Mar...@trcinc.com>
Subject RE: Authentication hook?
Date Fri, 07 Apr 2000 10:33:03 GMT
I'm doing an Impl right now that does authentication and nonrepudiation on a
per user basis at the functional level.  i.e.  Does this user have
permission to perform a given business process?  It involves placing
security interceptors in our remote business services.

I think that security is a rather implementation specific beast and it might
cause more problems trying to place it into a different context than the
architecture of a given application (distributed or otherwise), i.e., many
web applications are really just best thought of as 'front end' clients to
the real business applications.  If I do authentication and access control
at the web server or servlet container level, I kind of shoot myself in the
foot with regards to scalability.

But for small applications, I suppose that you could do some sort of context
specific authentication/access control from an LDAP server.  That would be
portable across platforms.

Actually,  I've heard quite a bit of LDAP speak on the Cocoon users list.
You may want to check that out in the archive.  I haven't been paying
attention to it.  You may be able to use that for your purposes.

As far as hooking your own authentication mechanism into Tomcat is
concerned, if you are running Linux, you could probably write a hook into
the Password Authentication Module (PAM).

Good luck.

--Steve Maring

-----Original Message-----
From: arne.haarseth@4tel.no
To: tomcat-user@jakarta.apache.org
Sent: 4/7/00 3:37 AM
Subject: Authentication hook?

Just some thoughts about authentication in case some of the developers
are listening:
It would be nice to have a general web server based authentication
mechanism with the possibility to hook in a specially made authentication
mechanism. I may not be explaining this very well, so I will try to give
an example:
In the project I am working on now we have made a portal for a low end
terminal. We do not want the user to authenticate each time the user
accesses the portal. We could use long lived cookies for this purpose,
but the terminal cannot handle many cookies, so this cookie might be
pushed out at some time. So we need to make another terminal specific
authentication mechanism. We also do not want to have this on each JSP
page, so a general authentication mechanism which works for all the pages
of a web application would be nice. We also need to be able to hook our
own special authentication mechanism to this general mechanism.

By the way, should this mail have been sent to one of the other mail
lists or somewhere else?

Best regards
Arne C. Hårseth

