tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Victor R. Cardona" <vcard...@covad.net>
Subject Re: Programmatic Authentication?
Date Wed, 02 Jun 2004 01:44:13 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carl Howells wrote:
| Is it possible to set the Principal and Roles for a session in a manner
| which will satisfy a <role-name> security constraint programmatically?
| At all?  I don't mind ignoring the servlet spec and doing something
| tomcat-specific.  This is something that vitally needs to be done on my
| project.
|
| Thanks for any solutions...

I did it by writing a filter that wrapped the incoming
HttpServletRequest with a HttpServletRequestWrapper if the client's
session contained a token placed there when they logged in.  The token
is a subclass of java.security.Principal, and the
HttpServletRequestWrapper overrides the getRemoteUser() isUserInRole()
and getUserPrincipal() methods.

HTH,
Victor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvTDt8MW+BaXrmuERAv/KAJ9Jq3XpjNZr3ixbbjm0GozngFc56gCfcsai
xukh2MxbvHzV8JMI9r1lWdc=
=0dYP
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message