tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Johanson <>
Subject Re: Calling Realm.authenticate() doesn't register Principal in with the Session??
Date Tue, 07 Feb 2006 04:56:58 GMT
Mark Thomas wrote:
> Given users are going to have to modify their app to use this library,
> not modifying the associated context.xml looks to be a nice to have
> requirement that is making things more difficult. Removing this
> requirement opens up a number of alternative implementation options
> including custom realms.
> Mark

Mark, are you saying that you agree, or disagree, with the usefulness of 
the idea?

Your point about 'users have to modify their app' is true, but a one 
time requirement, and thereafter their app will be compatible with 
whatever underlying realm impl is used, which I find enticing. Currently 
there is no mechanism (that I can see) to programtically perform login - 
say from an html form - this 'new' proposed method fills that. And by 
the same token, a user would already have to modify their app (to use a 
custom POST url or form names or redirect), with the built-in form based 
login (or subclass of it's impl), so that doesn't seem to be a drawback.

Sorry to be redundant of you're already agreeing with the idea.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message