tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <>
Subject Re: JAAS login context propagation to JBoss
Date Thu, 06 Feb 2003 15:30:56 GMT
The feature you want has been implemented in Tomcat 5 (not in Tomcat 

You can probably port it if you realy needs it (see

or starts using Tomcat 5.

-- Jeanfrancois

Peter Kelley wrote:

>I tell a lie, you can't get access to the users session easily from a
>realm's authenticate method. 
>Perhaps I could write a valve that looks at the request and looks up the
>realm the user belongs to. I could then cache the subjects in the realm
>and run the rest of the pipeline using doAs(subject, xxxx).
>This seems awfully low level but I can't see another way. Can anyone
>suggest an alternative ? Surely this problem has been encountered
>On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
>>I have set up form based authentication for Tomcat 4.1.18 using the
>>JAASRealm and I am using it to connect to a remote JBoss server.
>>Whenever a new user logs in all of the sessions of the existing users
>>take on the identity of the new user on the EJB server.
>>It appears as if something needs to be done to associate the JAAS
>>subject with the current thread every time a request comes in. I can
>>cache the subject in the session but I'm not sure how to go about doing
>>the association.
>>Any ideas ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message