tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: Antwort: Re: JAAS LoginModule ?
Date Fri, 30 May 2003 07:37:47 GMT

"Oliver Wulff" <oliver.wulff@zurich.ch> wrote in message
news:OF40D1D291.873EAD26-ONC1256D36.00270099-C1256D36.002741AF@email.zurich.
com...
>
>
>
>
>
> The problem with filters is:
> >>>
> The problem is that the security contrains are evaluated before the
> filter. So I guess that you may have to implement that what you want to
> achive with the constraints on your own. (Or you have to configure apache
> to do it, and this way omit the constraints from tomcat.)
>
> One tomcat specific way to come around that may be a Valve. (It is called
> before any filter, but I don't know if it is called before the evaluation
> of the constraints)

Explicitly configured Valves are called before implicitly configured
Authenticators.  Explicitly configured Valves, and Explicitly configured
Authenticators depends on the declaration order.

> <<<
>
> I get this information some months ago from Ralph Einfeldt.
> Authentication is not part of the J2EE specification. So, if you want to
> customize this step, you have to do it individually for each container.
>
> Oliver
>
>
>
>
>
>                       "Bill Barker"
>                       <wbarker@wilshir         An:
tomcat-user@jakarta.apache.org
>                       e.com>                   Kopie:
>                       Gesendet von:            Thema:   Re: JAAS
LoginModule ?
>                       news
>                       <news@main.gmane

>                       .org>
>
>
>                       30.05.2003 09:06
>                       Bitte antworten
>                       an "Tomcat Users
>                       List"
>
>
>
>
>
>
> Nope. Realms and Authenticators are Tomcat-specific.   There are reports
on
> this list of people using Filters to do much the same thing (i.e. search
> the
> archives).
>
> "Eric Chow" <echow@macaucabletv.com> wrote in message
> news:000501c3265d$f1be4b20$5c64a8c0@mctv...
> > How can I do if I want to implmenet an Authenicator that can use in any
> > other application servers.(JBoss, WebLogic, etc) ?
> >
> > Eric
> >
> >
> >
> > ----- Original Message -----
> > From: "Bill Barker" <wbarker@wilshire.com>
> > To: <tomcat-user@jakarta.apache.org>
> > Sent: Friday, May 30, 2003 11:50 AM
> > Subject: Re: JAAS LoginModule ?
> >
> >
> > > It really depends on what you need to do.  For the simplest case, you
> > > implement your own Realm (public class MyRealm implements
> > > org.apache.cataliana.Realm), and configure it in server.xml like
> anyother
> > > Realm.  In TC 4.x, Realms don't have access to the Request/Response:
> They
> > > just get the login credentials, and are expected to validate them (or
> not
> > > :).
> > >
> > > If you need more control on authentication, then you need to implement
> a
> > > custom Authenticator (public class MyAuthenticator implements
> > > Valve,Authenticator).  This class gets full control over
authenticating
> a
> > > Request, and can access anything in the Request/Response.  You
> configure
> > it
> > > via:
> > > <Context path="/myapp" docbase="webapps/myapp">
> > >    <Valve className="com.myfirm.mypackage.MyAuthenticator" .... />
> > > </Context>
> > >
> > > Neither of these (but especially the second) plays well with the admin
> > > webapp.
> > >
> > > "Eric Chow" <echow@macaucabletv.com> wrote in message
> > > news:001c01c3264d$f8528240$5c64a8c0@mctv...
> > > > Hello,
> > > >
> > > > In Tomcat, we can use container based authorization.
> > > >
> > > > Those username/password information can be place in a XML files or
> use
> > > > DBRealm, right ?
> > > >
> > > >
> > > > How can I implement a login module, so that the Web Container will
> > called
> > > my
> > > > module instead of the default login module.
> > > >
> > > > For example, the following is my login.jsp.
> > > >
> > > > <form action="j_security_check" method="post" name="fm">
> > > >    <input name="j_username">
> > > >    <input name="j_password">
> > > >    <input type="submit" value="Login">
> > > > </form>
> > > >
> > > > When the above submit, it will pass to my LoginModule, how can I
> > implement
> > > > that part?
> > > >
> > > > Best regards,
> > > > Eric
> > > >
> > > > ==========================
> > > > If you know what you are doing,
> > > > it is not called RESEARCH!
> > > > ==========================
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message