tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Soefara Redzuan" <>
Subject How to write custom authentication method forTomcat as well as weblogic/orion?
Date Wed, 12 Feb 2003 06:38:22 GMT
Whilst Tomcat's JDBC Realm's are easy to set up and get working, 
(, I'm 
wondering how easy it might be to write our own authentication mechanism 
using Filters ?  There are a few reasons for this,
1) We'd like a security mechanism which has "Groups" as well as users and 
roles, with roles attached to groups (as well as users).
2) The current JDBC Realm is logging off users (sometimes within a minute of 
them logging-in).
3) We'd like a security mechanism that will work with Weblogic and Websphere 
as well as Tomcat, with little (or no) change.
4) We would like the passwords encrypted in the database.

Having thought about this for a while, it seems that I could easily write 
one as follows,
- create a AuthenticatedUser javabean
- write a Filter that checks whether an AuthenticatedUser object exists in 
the session.  If it does, the user is authenticated. If not, the Filter 
redirects to a log-in page instead. Also remember the originally requested 
- create a login page and an associated FormHandler which simply 
authenticates against the database and creates an AuthenticatedUser object 
in the session, then redirects to the originally requested URL.

Is that it or have I overlooked something?  It seems a bit too simple.

Thank you very much in advance.

Soefara Redzuan.

The new MSN 8: smart spam protection and 2 months FREE*

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message