tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Annie Guo <a...@appriss.com>
Subject RE: Programmatic Authentication?
Date Wed, 02 Jun 2004 15:29:27 GMT
Mind sharing your code?

-----Original Message-----
From: Victor R. Cardona [mailto:vcardona@covad.net]
Sent: Tuesday, June 01, 2004 9:44 PM
To: Tomcat Users List
Subject: Re: Programmatic Authentication?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Carl Howells wrote:
| Is it possible to set the Principal and Roles for a session in a manner
| which will satisfy a <role-name> security constraint programmatically?
| At all?  I don't mind ignoring the servlet spec and doing something
| tomcat-specific.  This is something that vitally needs to be done on my
| project.
|
| Thanks for any solutions...

I did it by writing a filter that wrapped the incoming
HttpServletRequest with a HttpServletRequestWrapper if the client's
session contained a token placed there when they logged in.  The token
is a subclass of java.security.Principal, and the
HttpServletRequestWrapper overrides the getRemoteUser() isUserInRole()
and getUserPrincipal() methods.

HTH,
Victor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAvTDt8MW+BaXrmuERAv/KAJ9Jq3XpjNZr3ixbbjm0GozngFc56gCfcsai
xukh2MxbvHzV8JMI9r1lWdc=
=0dYP
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message