tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Field-Elliot <bryan_li...@netmeme.org>
Subject Re: JAASRealm/LoginManager questions
Date Fri, 14 Feb 2003 22:29:07 GMT
On Fri, 2003-02-14 at 15:16, Will Hartung wrote:

    Let me head over to the corner, grab my stool and white, pointy
    "Ignorant"
    hat here as I butt in, but could what you want to be done be done
    portably
    using Filters? IMHO Filters are the most powerful aspect of the 2.3
    spec as
    they provide a great layering and request trapping mechanism in a
    portable
    way with which you can do just all sorts of truly horrible things.
    
    I'd be very interested to hear why a Filter would NOT work in this
    case, but
    as I said, I haven't been totally following the thread here. It's
    probably
    glaringly pointed out on line 12 of the initial post (RTFML Will!
    STFU!).
    


Filters (and Servlets, and JSP pages) are prohibited from setting the
Subject/Principal (e.g. they are prohibited from actually performing
Authentication).

This whole thread started because, I want to implement a new and
exciting style of authentication, and I wanted to trick the "form-based"
authentication into working with me instead of against me. This would be
portable across containers if it were possible, but Craig is saying, no,
no, no, no, and no (in as many ways).

I think I'll concede that this is beaten to death, and I'll be diving
into proprietary extensions (such as Tomcat's Authenticator) next.
Thanks Craig for running back and forth with me on this. We'll let it
rest for a day and then perhaps you can field some questions about the
Authenticator class. ;)

Thanks,
Bryan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message