tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Kelley <>
Subject Re: JAAS login context propagation to JBoss
Date Thu, 06 Feb 2003 08:42:26 GMT
I tell a lie, you can't get access to the users session easily from a
realm's authenticate method. 

Perhaps I could write a valve that looks at the request and looks up the
realm the user belongs to. I could then cache the subjects in the realm
and run the rest of the pipeline using doAs(subject, xxxx).

This seems awfully low level but I can't see another way. Can anyone
suggest an alternative ? Surely this problem has been encountered

On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
> I have set up form based authentication for Tomcat 4.1.18 using the
> JAASRealm and I am using it to connect to a remote JBoss server.
> Whenever a new user logs in all of the sessions of the existing users
> take on the identity of the new user on the EJB server.
> It appears as if something needs to be done to associate the JAAS
> subject with the current thread every time a request comes in. I can
> cache the subject in the session but I'm not sure how to go about doing
> the association.
> Any ideas ?
Peter Kelley <>
Moveit Pty Ltd

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message