tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeanfrancois Arcand <jfarc...@apache.org>
Subject Re: JAAS login context propagation to JBoss
Date Thu, 06 Feb 2003 15:30:56 GMT
The feature you want has been implemented in Tomcat 5 (not in Tomcat 
4.1.x).

You can probably port it if you realy needs it (see 
http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java)

or starts using Tomcat 5.

-- Jeanfrancois


Peter Kelley wrote:

>I tell a lie, you can't get access to the users session easily from a
>realm's authenticate method. 
>
>Perhaps I could write a valve that looks at the request and looks up the
>realm the user belongs to. I could then cache the subjects in the realm
>and run the rest of the pipeline using doAs(subject, xxxx).
>
>This seems awfully low level but I can't see another way. Can anyone
>suggest an alternative ? Surely this problem has been encountered
>before.
>
>On Thu, 2003-02-06 at 15:43, Peter Kelley wrote:
>  
>
>>I have set up form based authentication for Tomcat 4.1.18 using the
>>JAASRealm and I am using it to connect to a remote JBoss server.
>>Whenever a new user logs in all of the sessions of the existing users
>>take on the identity of the new user on the EJB server.
>>
>>It appears as if something needs to be done to associate the JAAS
>>subject with the current thread every time a request comes in. I can
>>cache the subject in the session but I'm not sure how to go about doing
>>the association.
>>
>>Any ideas ?
>>    
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message