The feature you want has been implemented in Tomcat 5 (not in Tomcat
4.1.x).
You can probably port it if you realy needs it (see
http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java)
or starts using Tomcat 5.
-- Jeanfrancois
Peter Kelley wrote:
>I tell a lie, you can't get access to the users session easily from a
>realm's authenticate method.
>
>Perhaps I could write a valve that looks at the request and looks up the
>realm the user belongs to. I could then cache the subjects in the realm
>and run the rest of the pipeline using doAs(subject, xxxx).
>
>This seems awfully low level but I can't see another way. Can anyone
>suggest an alternative ? Surely this problem has been encountered
>before.
>
>On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
>
>
>>I have set up form based authentication for Tomcat 4.1.18 using the
>>JAASRealm and I am using it to connect to a remote JBoss server.
>>Whenever a new user logs in all of the sessions of the existing users
>>take on the identity of the new user on the EJB server.
>>
>>It appears as if something needs to be done to associate the JAAS
>>subject with the current thread every time a request comes in. I can
>>cache the subject in the session but I'm not sure how to go about doing
>>the association.
>>
>>Any ideas ?
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|