tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Possible to Authenticate from Servlet/Webapp Code?
Date Tue, 07 Dec 2004 15:51:15 GMT

The Spec-mandated, and therefore portable, approach is via the web.xml
declarative security.

The Tomcat-specific way would mean you navigate down the container
hierarchy, starting with ServerFactory.getServer, down to Service,
Engine, Host, to find your Realm object.  You could probably do this
once on your app startup, e.g. in a listener or filter init.

Yoav Shapira

>-----Original Message-----
>From: []
>Sent: Tuesday, December 07, 2004 10:45 AM
>Subject: Possible to Authenticate from Servlet/Webapp Code?
>Is there a way to authenticate a user to the container (including SSO)
>within a servlet? Something like:
>protected void service(HttpServletRequest req, HttpServletResponse
resp) {
>    Realm tomcatRealm = //how to get the realm???
>    tomcatRealm.authenticate("dauser", "dauserspassword");
>    ...
>Other Info:
>I know how to configure the custom login pages, etc., but I need a way
>authenticate in two places at once, due to a legacy application.
>It seems like this should be easy to do, so I expect I'm missing
>obvious, but I simply can't figure out how to do it. I've been
>a while...
>While standards-based would be better, a Tomcat-specific way would be
>as well.
>Tim Sawlor
>To unsubscribe, e-mail:
>For additional commands, e-mail:

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message