tomcat-users mailing list archives

From "Dinh, Chinh" <dinhtch...@yahoo.com>
Subject Re: REALM question - please help
Date Fri, 27 Jun 2003 12:07:15 GMT
Thanks for your help. I'm new to TOMCAT, so I may have some confusion.
I thought it's the way that TOMCAT does. We have to use REALM to authenticate as we define
this in web.xml:

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>MyRealm</realm-name>
  </login-config>
 
It will pop up a login box, and the Realm's authentication method will do the authentication.
After the login, it'll call the Servlet's service(). In the Realm class, which extends
org.apache.catalina.realm.RealmBase, there is no access to HttpRequest, Response, or Session
at this point. How do I store a data member of the Realm class somewhere (?) so that my
servlet can access it? Or is it something that should never be done? What'd be an alternative
solution? I don't think Filter serves the goal that I describe above, am I correct?
Thank you very much. - Chinh

Bill Barker <wbarker@wilshire.com> wrote:
I agree with Jean-Francois that the design is less than perfect ;-). You
should probably re-think it. However, I'm willing to give you more than
enough rope to hang yourself ;-).

1) If your custom Realm is configured under a , then simply
have it save an instance of itself into the Session.
2) If not, or otherwise, have it set a request-attribute with itself as the
value.

"Dinh, Chinh" wrote in message
news:20030626213918.33246.qmail@web41012.mail.yahoo.com...
> Thanks for the response. My situation is like this:
> - I created my own Realm for webDAV access. When I launch
> http://localhost:8080/webdav, it will first call myREalm's authentication().
> Within authentication(), I call some existing authentication class, which
> returns a USER object (basically, has some application specific user
> properties).
> - After the authentication is successful (from a Log-in Dialog box, for
> example), it will get to my servlet (in this case, a webDAVservlet). In this
> webDavServlet, I would like to get the USER object that I stored as a data
> member in my Realm class.
> - That is the reason I want to be able to get the realm object from the
> servlet. Any advice? Thanks. - Chinh
> Jean-Francois Arcand wrote:
>
> Dinh, Chinh wrote:
>
> >I have a tomcat question for you.
> >
> >In Tomcat's server.xml, we define a realm (only ONE)
> >
> >When tomcat starts, I think it will instantiate a realm object of this
> >type.
> >
> >I am trying to find a way to access this realm object in my servlet (the
> >servlet that starts after the realm's authentication
> >succeeds).
> >
> >There's a method "getRealm()" from org.apache.catalina.core.ContainerBase,
> >but how would we get this ContainerBase?
> >
> No. For security reasons, a servlet should not have access to any Tomcat
> classes. If your app is able to have access to those methods, any
> malicious app can also have access and sniff the information.
>
> Why do you want to have access to the realm?
>
> >
> >Does Tomcat have some kind of global object of this type?
> >
>
> No...and in Tomcat 5, we have enforced the security protection mechanism
> so it is mostly impossible to invoke Tomcat internal classes (when the
> security manager is turned on)
>
> >
> >Thank you. Chinh
> >
>
> -- Jeanfrancois
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
