tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Will Hartung" <>
Subject Re: JAASRealm/LoginManager questions
Date Fri, 14 Feb 2003 22:56:04 GMT
> From: "Bryan Field-Elliot" <>
> Sent: Friday, February 14, 2003 2:29 PM
> Subject: Re: JAASRealm/LoginManager questions

> Filters (and Servlets, and JSP pages) are prohibited from setting the
> Subject/Principal (e.g. they are prohibited from actually performing
> Authentication).

I see. The Servlet API does not expose a technique through which an
Application can "plug in" to the overall container security heirarchy.

So, while a Filter could be used to create an application specific security
mechanism, a developer could not write a generic Servlet, to spec, using the
Servlet API security mechanism, and have an application specific security
mechanism handle the details of the authentication.

Huh. Bother.

Yeah, that's a pain I think from a portability standpoint.


Will Hartung

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message