tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat and parallel security realms
Date Fri, 14 Mar 2008 18:50:55 GMT
Hash: SHA1


Juergen Weber wrote:
| the idea you sketched depends on the constructor being called with a
| list of realms. Is that so?

Not necessarily. Most objects that represent elements in server.xml have
no-arg constructors and then setFoo() methods on them. I would imagine
that you could write a setRealm() method on your new realm
implementation and allow it to be called multiple times (more of an
addRealm, really, but I think setRealm is what you'll likely get). You
might have to change the digester rules to allow <realm> within a
<realm>, though.

| Probably one would have to get the surrounding container with
| Realm.getContainer() and browse the whole nested container tree to get
| all realms.

You could do that, but I'm not sure how you would identify all the
realms that should be included (versus those that should not be).

| So, a delegating realm seems not that easy. Anyway, I think the
| feature of using several realms should be in the server core.

Like I said, I'm sure the Tomcat folks would accept a sample
implementation if you wrote one. The alternative is to write your own
essentially from scratch.

- -chris

Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message