tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haller, Joe" <>
Subject RE: AccessInterceptor vs. SecurityCheck
Date Fri, 22 Sep 2000 17:24:59 GMT
Digging some more, I see that "org.apache.tomcat.request.SimpleRealm" is
used as a RequestInterceptor...

        <!-- Check permissions using the simple xml file. You can 
             plug more advanced authentication modules.
            debug="0" />

Moreover, it's source code defines authenticate() and a member class
"MemoryRealm" that has methods for checkPassword() and userInRole().

Can anyone confirm if SimpleRealm replace SecurityCheck?

J. Haller

-----Original Message-----
From: Haller, Joe []
Sent: Friday, September 22, 2000 9:05 AM
To: ''
Subject: RE: AccessInterceptor vs. SecurityCheck

I am trying to implement Mr. Mark Wilcox's LDAP authenticator (as described
in "Professional JSP", Chap. 15) under Tomcat 3.2b4.

Mr. Wilcox's class "com.mjwilcox.ldapAuthCheck" extends
"org.apache.tomcat.request.SecurityCheck".  It then replaces SecurityCheck
is the TOMCAT_HOME/conf/server.xml file as follows:

<!-- <RequestInterceptor className="org.apache.tomcat.request.SecurityCheck"
/> -->
<RequestInterceptor className="com.mjwilcox.ldapAuthCheck" />

Looking at the Tomcat 3.2b4 distribution, I see that SecurityCheck does not
in the webserver.jar file or in server.xml.  There is a class
"org.apache.tomcat.request.AccessInterceptor" that appears in both places.  

Does AccessInterceptor supercede SecurityCheck in Tomcat 3.2b4?

Many thanks in advance.
J. Haller

View raw message