tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony Bowesman <>
Subject Re: Per-context authentication database
Date Fri, 01 Jun 2001 09:46:44 GMT

My comments relate to tomcat 3, not 4 but the same principles apply.

Twylite wrote:
> Hi,
> It is possible to have a per-context authentication database,
> especially one that does not have to be configured using server.xml ?
> This is the sort of scenario I am looking at:  A WAR file is added
> to the webapps directory, and on restarting Tocmat will be deployed.
> It contains all of the information necessary for it to function, 
> including its own password database (and maybe even the database 
> drivers).  There is no need to modify the server.xml in any way.
> Can this be done?

I have written a JAAS Realm which is configured in the usual way in
server.xml.  e.g.

                debug="99" />

The server.xml attributes specify defaults for all contexts.  However,
specific attributes can be configured in web.xml for each web app, such


to override the default.  In the realm implementation authenticate() I
just do stuff like

    Context ctx = req.getContext();
    String jaasConfigEntry = ctx.getInitParameter(jaasConfigKey);

which allows context specific authentication.  I guess it's easy enough
to modify the JDBC realm so that you can use different databases per
context using this mechanism or write your own realm.

> The very important catch here is that I want to use Tomcat's support
> for form logon - that is, the form-logon-page and logon-error-page
> in the web.xml, and all that jazz.  I do not intend writing my own
> logic to handle the authentication!

I'm not sure what you mean by not wanting to write your own logic to
handle the authentication.  JDBC realm simply does string comparison
between two passwords.  Authentication in the JAAS Realm is handled by
the JAAS Login module.  The form login support is not really relevant, I
think all the realm implementations I've seen support both form/basic

Antony Bowesman
Teamware Group
tel: +358 9 5128 2562
fax: +358 9 5128 2705

View raw message