tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bennett, Peter" <>
Subject Integrating Tomcat and jBoss security logon
Date Tue, 01 May 2001 14:29:01 GMT
I have looked in user manuals, FAQs and mailing list archives but cannot
find the answer to a deceptively simple question that I hope you can help
with ...

How do I allow a user to logon to my Tomcat server and then pass their logon
username and password transparently down to any enterprise beans that the
JSP uses on their behalf ?

My detailed scenario is as follows :-

I am starting with an application that I am running in Tomcat 3.2.1 as a

Security is configured so that the web browser pops up a dialog asking the
user to logon to a web security realm (as opposed to having a JSP I have
written to do the logon - at which point I could cache the username/password

This is a model I favour and it allows users of my application to use
features in browsers that let them cache their log on preferences. 

The JSP then makes uses of a JavaBean which accesses my database directly
via JDBC. The JSP checks permissions for a given username once they have
logged on by checking the UserPrincipal.

I wish to migrate this application to an EJB application server and have
installed the jBoss 2.1/Tomcat 3.2.1 integrated environment.

I have sucessfully ported functionality from my JavaBean to an Entity Bean
and enabled JAAS security on the jBoss container. A standalone client can
now log-on directly and securely via this mechanism to the Entity Bean.

I have sucessfully deployed a .war file with my JSPs and Entity Beans
bundled together and can view the JSP via the Tomcat web server. If I
disable security on the Entity Bean, the JSP will talk to it fine.

However I have not been able to allow a user to logon to the JSP page (via a
pop-up dialog) and then enable the JSP to pass the username/password onto
JAAS to talk to the entity bean. Can someone point me at a resource that
explains how to do this, surely it must be a common problem faced in
deploying web applications ?

Thanks in advance for your help,

Pete Bennett (
Principal Architect, Synomics Ltd.  

View raw message