tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: REALM question - please help
Date Thu, 26 Jun 2003 21:31:39 GMT


Dinh, Chinh wrote:

>I have a tomcat question for you . 
>
> 
>
>In Tomcat’s server.xml, we define a realm (only ONE)
>
>    <Realm classname = “com.mypackage.myRealm” >
>
> 
>
>When tomcat starts, I think it will instantiate a realm object of this type .  
>
> 
>
>I am trying to find a way to access this realm object in my servlet (the servlet that
starts after the realm's authentication 
>
>succeeds).
>
>There’s a method “getRealm()” from org.apache.catalina.core.ContainerBase , but
how would we get this ContainerBase ?
>
No. For security reason, a servlet should not have access to any Tomcat 
classes. If your app is able to have access to those methods, any 
malicious app can also have access and snif the information.

Why do you want to have access to the realm?

>
>Does Tomcat have some kind of global object of this type ?
>

No...and in Tomcat 5,we have enforced the security protection mechanism 
so it is mostly impossible to invoke Tomcat internal classes (when the 
security manager is turned on)

>
>
>
>Thank you . Chinh
>

-- Jeanfrancois

>
>
>
>---------------------------------
>Do you Yahoo!?
>SBC Yahoo! DSL - Now only $29.95 per month!
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message