tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Poornachandran <chandran.poo...@gmail.com>
Subject Re: Use the tomcat authentification mecanisms in a webapp
Date Tue, 21 Feb 2006 09:34:29 GMT
Okay, I see your point.

But, if a user requests a secure page without logging in, how will you 
find out? Are you using a Servlet Filter or something?

Poorna

David Delbecq wrote:

>Hello Poornachandran,
>
>as i said webapp X manage authentification all by itself (basically
>using it's own providers, so there is now security constraint and so on
>in the web.xml, webapp does not use container managed security, and i
>have no control over this, closed source webapp), but it provides an
>extension mecanism (implement a given interface). I'd like to implement
>a simple class that just do something like
>tomcatContainer.checkCredentials(user,userprovidedpass), which will
>check those credentials against configured realm. Or, if i have no other
>choice, will instanciate the realm, configure it and use it. (I just
>hope don't need to do that, this sound awfull).
>
>So, obviously, in webapp, a request.getUserPrincipal() will always
>return null.
>
>Poornachandran a écrit :
>
>  
>
>>Hi David,
>>
>>I am just wondering after your app authenticates, are you able to get
>>not-null from request.getUserPrincipal(). I understand this is how the
>>container understands that user is logged on or not.
>>
>>Poorna
>>
>>David Delbecq wrote:
>>
>>    
>>
>>>Hello,
>>>
>>>I probably will have the following webapp structure to configure
>>>- webapp X manage authentification all by itself (using forms and so on)
>>>but provide a way to configure your own credential using a quite basic
>>>checkPassword(user,pass) interface.
>>>- Tomcat is able to authenticate all my users for now (connecting to a
>>>ldap-like JNDI structure)
>>>
>>>Is there a way from the webapp to call tomcat api and have it check a
>>>user/password according to configured realm?
>>>
>>>Thanks.
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>> 
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message