tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: JAAS LoginModule ?
Date Fri, 30 May 2003 03:50:49 GMT
It really depends on what you need to do.  For the simplest case, you
implement your own Realm (public class MyRealm implements
org.apache.cataliana.Realm), and configure it in server.xml like anyother
Realm.  In TC 4.x, Realms don't have access to the Request/Response:  They
just get the login credentials, and are expected to validate them (or not

If you need more control on authentication, then you need to implement a
custom Authenticator (public class MyAuthenticator implements
Valve,Authenticator).  This class gets full control over authenticating a
Request, and can access anything in the Request/Response.  You configure it
<Context path="/myapp" docbase="webapps/myapp">
   <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />

Neither of these (but especially the second) plays well with the admin

"Eric Chow" <> wrote in message
> Hello,
> In Tomcat, we can use container based authorization.
> Those username/password information can be place in a XML files or use
> DBRealm, right ?
> How can I implement a login module, so that the Web Container will called
> module instead of the default login module.
> For example, the following is my login.jsp.
> <form action="j_security_check" method="post" name="fm">
>    <input name="j_username">
>    <input name="j_password">
>    <input type="submit" value="Login">
> </form>
> When the above submit, it will pass to my LoginModule, how can I implement
> that part?
> Best regards,
> Eric
> ==========================
> If you know what you are doing,
> it is not called RESEARCH!
> ==========================

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message