tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Andersén <peter.ander...@nextra.com>
Subject Re: Authentication to LDAP
Date Mon, 26 Feb 2001 17:17:56 GMT
Hi
I can be included on this.
I have built a bean for doing contextless login into LDAP.
It maybe could be useful for this, but i need to understand what do you need
for the plugins to work.
I have not been looking at this much so if someone could enlight my on the
subject i could check.

/Peter
----- Original Message -----
From: "Fernando Padilla" <fern@interdimensions.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, February 26, 2001 5:30 PM
Subject: Re: Authentication to LDAP


>
> Tomcat 3.x uses Interceptors and thus the SecurityCheck.
>
> Tomcat 4.x uses Generalized Security handling code with pluggable Realm
> classes ( realms are access points into user authentication, authorization
> information ).  Realms are pluggable under the conf/server.xml file.
>
> There is a SimpleRealm class, and a JDBCRealm class.  Maybe someone should
> volunteer a JAASRealm and LDAPRealm for normal users to use...
>
> fern
>
>
>
>
>
> On Sun, 25 Feb 2001, Falcon cheetah wrote:
>
> >
> >  Well,  I extend SimpleRealm because I did not see securityCheck
anywhere in the tomcat tree, and I assumed it was modified. And it works for
me :)
> >
> > What is JAAS? And I am not sure if writing and intercepter qualifies as
a project.
> >
> > I guess what we need to do is to get the wrox code to work for us and
then modify it to do more general auth with ldap. I saw that there is a huge
amount of bad coding in that wrox class and I am waiting to see it working
so I would do a whole rewrite.
> >
> > I guess if you want us to launch a project for this we have to start
putting the word on the tomcat-dev, rather than tomcat-users, someone would
give us the heads on there.
> >
> >
> >
> > Regards.
> >
> > Ahmed.
> >
> >
> >   Martin Smith <mfsmith@erols.com> wrote:
> > OK, I've read over ldapAuthCheck.java (by Mark Wilcox, apparently.) I
> > pretty well understand everything there, except I have a blank spot in
> > knowledge of the Tomcat architecture. Which means I don't understand
> > why you had to extend simpleRealm instead of securityCheck.
> >
> > Obviously, neither this class nor Tomcat implements JAAS. I'm assuming
> > that's because they were built before JAAS was defined. They're also
> > much simpler than the total pluggable-authentication-module framework
> > implemented by JAAS. That's cool, since I don't need all that stuff
> > anyhow. It's nice that the user name and password are just passed as
> > strings in the call to checkPassword(), for example.
> >
> > So--What needs doing? I've never worked on a project so I don't know the
> > rules.
> >
> > (The only thing I know I'd like to change is to add flexibility to use
> > the "mail" attribute as the userID instead of the "UID" attribute.)
> >
> > Martin
> >
> >
> > Falcon cheetah wrote:
> >
> > > Martin,
> > >
> > > There is a good material about LDAP with Tomcat from Wrox's
> > > Professional JSP. There are two chapters that talk about this, and on
> > > chapter 15 they write a tomcat interceptor to do this task. I am
> > > currently trying to squeez sometime to test that. If you want to
> > > download the source code from their site and take a look at it.
> > >
> > > I know they have few issues with their interceptor. For example I had
> > > to make the class extend SimpleRealm instead of CheckSecurity.
> > >
> > > If you want to play with it and we can cooporate on expanding this
> > > code or put it in a seperate project if you want. If not I am glad to
> > > point out this great book to you and everyone else.
> > >
> > >
> > >
> > > Ahmed.
> > >
> > > Martin Smith wrote:
> > >
> > > I have been patiently lurking and waiting to see some news
> > > on the
> > > existence of a way to do Servlet container (ie Tomcat)
> > > authentication
> > > against an LDAP source of security info.
> > >
> > > I even posted an RFP at one of these freelancer sites
> > > (ants.com) to have
> > > one built. No credible responses.
> > >
> > > Limited though I am at programming java (or anything), I'm
> > > considering
> > > trying to build one myself. But I thought I'd ask one last
> > > time: is
> > > there a JNDI or LDAP Interceptor in the works anywhere?
> > >
> > > If not, any advice on the scope of the project? Do I just
> > > get the
> > > JDBCRealm source and analogize? (Sure hope we don't need
> > > threads! And
> > > callbacks sound hard, too.)
> > >
> > > TIA,
> > >
> > > martin
> > >
> > >
> > >
> > > -
> > > -------------------------------------------------------------------
> > >
> > > To unsubscribe, e-mail:
> > > tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, email:
> > > tomcat-user-help@jakarta.apache.org
> > >
> > >
> >
> -----------------------------------------------------------------------
> > > Do You Yahoo!?
> > > Yahoo! Auctions - Buy the things you want at great prices!
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, email: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> > ---------------------------------
> > Do You Yahoo!?
> > Yahoo! Mail Personal Address - Get email at your own domain with Yahoo!
Mail.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, email: tomcat-user-help@jakarta.apache.org
>


Mime
View raw message