tomcat-users mailing list archives

From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: REALM question - please help
Date Thu, 26 Jun 2003 21:51:31 GMT


Dinh, Chinh wrote:

>Thanks for the response. My situation is like this:
>-  I created my own Realm for webDAV access.  When I launch http://localhost:8080/webdav,
>it will first call myREalm's authentication().  Within authentication(), I call some existing
>authentication class, which returns a USER object (basically, has some application specific
>user properties).
>-  After the authentication is successful (from a Log-in Dialog box, for example), it
>will get to my servlet (in this case, a webDAVservlet). In this webDavServlet, I would like
>to get the USER object that I stored as a data member in my Realm class.
>- That is the reason I want to be able to get the realm object from the servlet.   Any
>advice ? Thanks . - Chinh
>

If you want to replace the current servlet authentication, you may want 
to implement that as a filter instead of a realm. Just search that list 
and you will find very good recommendations on how to do it. The filter 
has access to the principal (via the HttpServletRequest object). From 
that, I'm sure you can implement what you want.

-- Jeanfrancois


>Jean-Francois Arcand <jfarcand@apache.org> wrote:
>
>
>Dinh, Chinh wrote:
>
>  
>
>>I have a tomcat question for you . 
>>
>>
>>
>>In Tomcat’s server.xml, we define a realm (only ONE)
>>
>>
>>
>>
>>
>>When tomcat starts, I think it will instantiate a realm object of this type . 
>>
>>
>>
>>I am trying to find a way to access this realm object in my servlet (the servlet that
>>starts after the realm's authentication succeeds).
>>
>>There’s a method “getRealm()” from org.apache.catalina.core.ContainerBase ,
>>but how would we get this ContainerBase ?
>>
>>    
>>
>No. For security reasons, a servlet should not have access to any Tomcat 
>classes. If your app is able to have access to those methods, any 
>malicious app can also have access and sniff the information.
>
>Why do you want to have access to the realm?
>
>  
>
>>Does Tomcat have some kind of global object of this type ?
>>
>>    
>>
>
>No...and in Tomcat 5, we have enforced the security protection mechanism 
>so it is mostly impossible to invoke Tomcat internal classes (when the 
>security manager is turned on).
>
>  
>
>>
>>Thank you . Chinh
>>
>>    
>>
>
>-- Jeanfrancois
>
>  
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>


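The filter approach suggested in the reply above, sketched as an added example; it is not code from the thread or from Tomcat. It assumes the container has already authenticated the request through the configured realm and uses the `javax.servlet` API of that Tomcat generation. `AppUserFilter`, `AppUser`, `USER_ATTR` and `loadUser` are hypothetical names.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: exposes an application user object to the servlet
// without the web application touching any org.apache.catalina class.
public class AppUserFilter implements Filter {
    // Hypothetical request attribute name read by the servlet.
    public static final String USER_ATTR = "com.example.appUser";

    // Stand-in for the application's own user object.
    public static final class AppUser {
        private final String login;
        AppUser(String login) { this.login = login; }
        public String getLogin() { return login; }
    }

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            // Fail closed: no authenticated principal, no access.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Per-request state goes on the request, not in an instance field:
        // one filter instance serves all concurrent requests and users.
        request.setAttribute(USER_ATTR, loadUser(principal.getName()));
        chain.doFilter(req, res);
    }

    // Assumption: the application resolves its user record from the login name.
    private AppUser loadUser(String login) {
        return new AppUser(login);
    }
}
```

The filter has to be mapped to the servlet's URL pattern in the application's `web.xml`; the servlet then reads the object with `request.getAttribute(AppUserFilter.USER_ATTR)`.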