tomcat-users mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	Poornachandran <chandran.poo...@gmail.com>
Subject	Re: Use the tomcat authentification mecanisms in a webapp
Date	Tue, 21 Feb 2006 09:34:29 GMT
Okay, I see your point. But, if a user requests a secure page without logging in, how will you find out? Are you using a Servlet Filter or something? Poorna David Delbecq wrote: >Hello Poornachandran, > >as i said webapp X manage authentification all by itself (basically >using it's own providers, so there is now security constraint and so on >in the web.xml, webapp does not use container managed security, and i >have no control over this, closed source webapp), but it provides an >extension mecanism (implement a given interface). I'd like to implement >a simple class that just do something like >tomcatContainer.checkCredentials(user,userprovidedpass), which will >check those credentials against configured realm. Or, if i have no other >choice, will instanciate the realm, configure it and use it. (I just >hope don't need to do that, this sound awfull). > >So, obviously, in webapp, a request.getUserPrincipal() will always >return null. > >Poornachandran a écrit : > > > >>Hi David, >> >>I am just wondering after your app authenticates, are you able to get >>not-null from request.getUserPrincipal(). I understand this is how the >>container understands that user is logged on or not. >> >>Poorna >> >>David Delbecq wrote: >> >> >> >>>Hello, >>> >>>I probably will have the following webapp structure to configure >>>- webapp X manage authentification all by itself (using forms and so on) >>>but provide a way to configure your own credential using a quite basic >>>checkPassword(user,pass) interface. >>>- Tomcat is able to authenticate all my users for now (connecting to a >>>ldap-like JNDI structure) >>> >>>Is there a way from the webapp to call tomcat api and have it check a >>>user/password according to configured realm? >>> >>>Thanks. >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >>>For additional commands, e-mail: users-help@tomcat.apache.org >>> >>> >>> >>> >>> >>> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >>For additional commands, e-mail: users-help@tomcat.apache.org >> >> >> > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >For additional commands, e-mail: users-help@tomcat.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org
Mime	Unnamed text/plain (inline, 8-Bit, 2621 bytes)
	View raw message