tomcat-users mailing list archives

From Luke Studley <>
Subject RE: Custom Authentication
Date Tue, 22 Jan 2002 16:02:15 GMT
You need to write your own Realm implementation. Look at the source for the
JDBC Realm.

On another issue to do with Login - Does anyone know how to pass multiple
credentials using a FORM login?
E.g. the user needs to input a password and a passphrase - But the Realm
only gets the j_password field.

Is it possible to get access to the HttpRequest in the Realm to check for
other parameters?



-----Original Message-----
From: Ricardo Ramalho [] 
Sent: 22 January 2002 14:51
To: Tomcat Users List
Subject: Custom Authentication

Hi ppl! Again....

It looks like I wasn't very accurate in my first question here...
What I wanted to do is something like this: (hope you guys can help) This is
my actual Authentication class, which uses BASIC login.

import java.lang.*;
import java.security.Principal;
import java.sql.*;
import javax.sql.*;
import javax.naming.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import allaire.jrun.util.*;

public class Autentica implements AuthenticationInterface
{
    /**
     * Initialize the authentication service
     * @param props The properties for the service
     */
    public void init(OrderedProperties props) throws Exception
    {
        // Nothing is done here
    }

    /**
     * Destroy the service
     */
    public void destroy()
    {
        // Nothing is done here
    }

    /**
     * Authenticate the given user with the given credentials (such
     * as a password).
     * @param req The servlet request
     * @param username The username to authenticate
     * @param method The type of authentication method (BASIC, DIGEST, FORM,
     * or CLIENT-CERT)
     * @param credentials Password and/or other credentials necessary
     * in authenticating the user
     * @return The Principal associated with the given username, or null
     * if authentication failed
     */
    public Principal authenticate(HttpServletRequest req, String username, String password) {
        Principal principal = null;
        // types for the database connection
        Connection dbCon = null;
        Statement dbStat = null;
        String sqlStat = null;
        ResultSet dbRes = null;

        // If we have a password, attempt to validate it
        if (password != null) {
            try {
                String dbPass = null;
                // Database access - get a connection from the JRun connection pool
                InitialContext ctx = new InitialContext();
                DataSource ds =
                dbCon = ds.getConnection();
                dbStat = dbCon.createStatement();
                sqlStat = "SELECT passwd FROM users WHERE user='" + username + "'";
                dbRes = dbStat.executeQuery(sqlStat);
                dbPass = dbRes.getString(1);
                if (dbPass.equals(password)) {
                    principal = new
                }
            } catch (Exception e) {
            }
        }
        return principal;
    }

    /**
     * Determines if the given principal (user) has been granted the
     * given role within this authentication realm.
     * @param principal The principal (user) to verify
     * @param role The role to verify
     * @return true if the principal is part of the given role
     */
    public boolean isPrincipalInRole(Principal principal, String role)
    {
        return true;
    }
}

Thank you for any help in advance

Ricardo Ramalho
Carcavelos Lisbon Portugal
EWorks Consulting

To unsubscribe:   <>
For additional commands: <>
Troubles with the list: <>
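
The password lookup from the quoted message, as an added example that is not part of the thread or of Tomcat's own code: the username is bound as a parameter instead of being concatenated into the SQL text, the row is checked for existence before it is read, and the JDBC resources are closed on every path. The class name CredentialCheck and the way the DataSource is supplied are assumptions; the table and column names come from the posted query, and the stored password is compared as-is, as in the posted code.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;

/** Added example (hypothetical class name), not code from the thread. */
public final class CredentialCheck {
    // Table and column names are taken from the query in the quoted message.
    // Some databases treat "user" as a reserved word and need it quoted.
    private static final String QUERY = "SELECT passwd FROM users WHERE user = ?";

    // Assumption: supplied by the container's connection pool (e.g. via JNDI).
    private final DataSource ds;

    public CredentialCheck(DataSource ds) {
        this.ds = ds;
    }

    /** True only if exactly one row matches and its stored value equals the password. */
    public boolean passwordMatches(String username, String password) throws SQLException {
        if (username == null || password == null) {
            return false;
        }
        try (Connection con = ds.getConnection();
             PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, username); // bound as data, never spliced into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false; // unknown user: there is no row to read
                }
                String stored = rs.getString(1);
                if (stored == null || rs.next()) {
                    return false; // NULL password or duplicate usernames: refuse
                }
                // Comparison whose timing does not depend on how many
                // leading characters of the two values match.
                return MessageDigest.isEqual(
                        stored.getBytes(StandardCharsets.UTF_8),
                        password.getBytes(StandardCharsets.UTF_8));
            }
        }
    }
}
```

Database errors propagate as SQLException here rather than being swallowed, so the caller can log them and treat the attempt as a failed login.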
