tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vikul Khosla <>
Subject JAAS Realm Help
Date Wed, 05 Apr 2006 16:56:06 GMT

Trying to get a custom login through a JAAS

Got the authentication to work (confirmed thru
println()), but get back a HTTP
unauthorized error in the browser.

Gets to the commit() of LoginModule, where I add
a "Principal" based on the one "role" defined in
tomcats web.xml ... same as SampleLoginModule example.

How does authorization work in general once you have
a authenticated user ? Ideally, don't want to list any
users or Roles in *any* tomcat config file. Possible ?


Background INfo
1) Have a <security-constraint> in web.xml 
2) Also have a <auth-constraint>, with one role
3) This role is also listed in <security-role>

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message