tomcat-users mailing list archives

From "Paul Hsu" <>
Subject Re: Realm
Date Sun, 25 May 2003 17:42:41 GMT

Thank you for your help.
You are correct, I don't need to grab the password. You mean I just need to
write a servlet and catch the user name from the request and get all user
information and save it in the session. But how can I ask the Realm to call my
servlet after Tomcat does the authentication? I'd like to do the same thing as website do.
This web site can pull your account information after you log in.


----- Original Message -----
From: "Craig Berry" <>
To: "Tomcat Users List" <>;
Sent: Saturday, May 24, 2003 9:53 PM
Subject: RE: Realm

> The username can be obtained using the HttpServletRequest.getUserPrincipal
> method (see
> etRequest.html).  See the Principal doc on how to get the username string
> from the returned Principal object.
> In general, if you're going to use JAAS authentication, it's wise to
> design your app so that it doesn't need to know the logged-in user's
> password.  None of the standard authenticators put it anywhere conveniently
> accessible, and for good reason; the less code involved in handling
> passwords, the fewer places there are for a security exploit to grab it.  If
> you really need to get the password to your own code, you'll need to write a
> custom JAAS authenticator that does what you need.
> -----Original Message-----
> From: Paul Hsu []
> Sent: Sat 5/24/2003 9:39 PM
> To:
> Cc:
> Subject: Realm
> Hi,
> I am using Tomcat Realm to authenticate users to access a web site. I have
> one question: how can I catch the user name/password after the Tomcat server
> authenticates the user (Tomcat will pop up an authentication screen)? Any help
> would be appreciated.
> Paul
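
An added example, not part of the original thread and not code from either poster: one way to apply the getUserPrincipal approach described in the quoted reply, using a servlet filter that reads the username after container login and caches account data in the session without ever handling the password. The class name, the session attribute names and the loadAccount lookup are hypothetical; the code uses the javax.servlet API (Tomcat 10 and later use the jakarta.servlet package instead).

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: loads account data once per session after container login. */
public class AccountLoaderFilter implements Filter {
    // Session attribute names are assumptions made for this example.
    static final String ACCOUNT_ATTR = "account";
    static final String OWNER_ATTR = "accountOwner";

    public void init(FilterConfig config) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Null until the container (the Realm) has authenticated the caller.
        Principal principal = request.getUserPrincipal();
        if (principal != null) {
            String username = principal.getName();
            HttpSession session = request.getSession();
            // Reload if nothing is cached or the cached data belongs to another user.
            if (!username.equals(session.getAttribute(OWNER_ATTR))) {
                session.setAttribute(ACCOUNT_ATTR, loadAccount(username));
                session.setAttribute(OWNER_ATTR, username);
            }
        }
        // Authorization stays with the container; this filter only enriches the session.
        chain.doFilter(req, res);
    }

    public void destroy() { }

    /** Placeholder lookup; a real application would query its own user store. */
    protected Map<String, String> loadAccount(String username) {
        return Collections.singletonMap("username", username);
    }
}
```

The filter would be mapped in web.xml to the same URL patterns that the security constraint protects, so it runs on the first request after the container completes authentication.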
