tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat and parallel security realms
Date Fri, 14 Mar 2008 18:50:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

J├╝rgen,

Juergen Weber wrote:
| the idea you sketched depends on the constructor being called with a
| list of realms. Is that so?

Not necessarily. Most objects that represent elements in server.xml have
no-arg constructors and then setFoo() methods on them. I would imagine
that you could write a setRealm() method on your new realm
implementation and allow it to be called multiple times (more of an
addRealm, really, but I think setRealm is what you'll likely get). You
might have to change the digester rules to allow <realm> within a
<realm>, though.

| Probably one would have to get the surrounding container with
| Realm.getContainer() and browse the whole nested container tree to get
| all realms.

You could do that, but I'm not sure how you would identify all the
realms that should be included (versus those that should not be).

| So, a delegating realm seems not that easy. Anyway, I think the
| feature of using several realms should be in the server core.

Like I said, I'm sure the Tomcat folks would accept a sample
implementation if you wrote one. The alternative is to write your own
essentially from scratch.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkfayQ8ACgkQ9CaO5/Lv0PDUEACgqNNrRM4JKTDFcVE9ZqTX/qDW
ZpYAn14lOAPk89xoV8amonsYlDOPvPoN
=KtnJ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message