tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Delbecq <de...@oma.be>
Subject Re: Use the tomcat authentification mecanisms in a webapp
Date Tue, 21 Feb 2006 09:39:01 GMT
That's the job of the webapp :)

All i see in my point of view is a user / pass checking method to
implement (for information the webapp uses osuser authentification
mecanism. So i have to provide an implementation of
com.opensymphony.user.provider.CredentialsProvider which negociate it
with tomcat. (Please note i only want to check password, i let the
webapp manage the role system all by itself)



Poornachandran a écrit :

> Okay, I see your point.
>
> But, if a user requests a secure page without logging in, how will you
> find out? Are you using a Servlet Filter or something?
>
> Poorna
>
> David Delbecq wrote:
>
>> Hello Poornachandran,
>>
>> as i said webapp X manage authentification all by itself (basically
>> using it's own providers, so there is now security constraint and so on
>> in the web.xml, webapp does not use container managed security, and i
>> have no control over this, closed source webapp), but it provides an
>> extension mecanism (implement a given interface). I'd like to implement
>> a simple class that just do something like
>> tomcatContainer.checkCredentials(user,userprovidedpass), which will
>> check those credentials against configured realm. Or, if i have no other
>> choice, will instanciate the realm, configure it and use it. (I just
>> hope don't need to do that, this sound awfull).
>>
>> So, obviously, in webapp, a request.getUserPrincipal() will always
>> return null.
>>
>> Poornachandran a écrit :
>>
>>  
>>
>>> Hi David,
>>>
>>> I am just wondering after your app authenticates, are you able to get
>>> not-null from request.getUserPrincipal(). I understand this is how the
>>> container understands that user is logged on or not.
>>>
>>> Poorna
>>>
>>> David Delbecq wrote:
>>>
>>>   
>>>
>>>> Hello,
>>>>
>>>> I probably will have the following webapp structure to configure
>>>> - webapp X manage authentification all by itself (using forms and
>>>> so on)
>>>> but provide a way to configure your own credential using a quite basic
>>>> checkPassword(user,pass) interface.
>>>> - Tomcat is able to authenticate all my users for now (connecting to a
>>>> ldap-like JNDI structure)
>>>>
>>>> Is there a way from the webapp to call tomcat api and have it check a
>>>> user/password according to configured realm?
>>>>
>>>> Thanks.
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>>
>>>>
>>>>     
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>   
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>  
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message