tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will Hartung" <wi...@msoft.com>
Subject Re: JAASRealm/LoginManager questions
Date Fri, 14 Feb 2003 22:56:04 GMT
> From: "Bryan Field-Elliot" <bryan_lists@netmeme.org>
> Sent: Friday, February 14, 2003 2:29 PM
> Subject: Re: JAASRealm/LoginManager questions


> Filters (and Servlets, and JSP pages) are prohibited from setting the
> Subject/Principal (e.g. they are prohibited from actually performing
> Authentication).

I see. The Servlet API does not expose a technique through which an
Application can "plug in" to the overall container security heirarchy.

So, while a Filter could be used to create an application specific security
mechanism, a developer could not write a generic Servlet, to spec, using the
Servlet API security mechanism, and have an application specific security
mechanism handle the details of the authentication.

Huh. Bother.

Yeah, that's a pain I think from a portability standpoint.

Regards,

Will Hartung
(willh@msoft.com)




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message