tomcat-users mailing list archives

From "Alessandro Ferrucci" <alessandroferru...@gmail.com>
Subject Re: Find out Who-I-Am for Realm User
Date Thu, 31 Jul 2008 13:14:43 GMT
Well actually, the proposed solution I suggested requires you to use a third
party project called SecurityFilter, which emulates container managed
security: http://securityfilter.sourceforge.net/.

When using SecurityFilter you are in control of setting SecurityFilter as a
custom servlet filter in your webapp, so you can layer another filter on top
of SecurityFilter to intercept the request and get all the information you
want (you need to do this because SecurityFilter clears the Session object
before re-directing to the original page).  What you are trying to do is
essentially intercept j_security_check which cannot be done very easily.
One other possible solution is subclassing the security realm (such as
JDBCRealm if you're using that) that you have configured in your Tomcat
instance, and then configuring that new class in the Realm element in
server.xml.  I'm sure the implications of this are loss of portability but
I'm not sure you really care about that at this point.

The best documentation on learning these technologies is
http://tomcat.apache.org/tomcat-5.5-doc/index.html and Google.


On Thu, Jul 31, 2008 at 12:57 AM, Guojun Zhu <zggame@gmail.com> wrote:

> Thank you.  I am using the basic authentication as the manager package of
> Tomcat. Something like this in the web.xml.
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>Tomcat INFORM Application</realm-name>
> </login-config>
>
>  I only know how to use the realm in the web.xml and server.xml.  But I
> would really like to learn about this j_security.  Honestly, I do not fully
> understand what you say in the second part.  I know basic Java stuff and
> know basic things about writing JSP web applications and a little servlet.
> Where should I start to learn these?  Thanks.
>
> Sincerely
> Zhu, Guojun
>
> On Wed, Jul 30, 2008 at 5:08 PM, Alessandro Ferrucci <
> alessandroferrucci@gmail.com> wrote:
>
> > What authentication method are you using?  I'll take a wild guess at form.
> > This thread provides a few workaround solutions for this:
> >
> > http://www.theserverside.com/discussions/thread.tss?thread_id=32033
> >
> > I suggest looking into writing your own filter and placing it above
> > SecurityFilter in the stack and intercepting the redirect made by the
> > security filter by subclassing HttpServletResponseWrapper.
> >
> >
> > On Wed, Jul 30, 2008 at 3:58 PM, Guojun Zhu <zggame@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I am using realm for the authorization of my web application.  I would
> > > like to include an administration section for things like modifying the
> > > user profile or password.   I have several different user names
> > > associated with two different roles.  Both roles give the pass to the
> > > web pages.  I am wondering whether I can find out who is the login user
> > > in realm?  So I do not need the user to provide it again to enter the
> > > admin part.  I am using Tomcat 5.5 on a Linux box.  Thanks.
> > >
> > > Sincerely
> > > Zhu, Guojun
> > >
> >
> >
> >
> > --
> > Signed,
> > Alessandro Ferrucci :)
> >
>



-- 
Signed,
Alessandro Ferrucci :)
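
The filter-above-SecurityFilter approach described in this thread could look like the sketch below. It is an added example, not code from the original messages or from the SecurityFilter project. The class name, the session attribute name and the errorPage init-param are hypothetical, and it assumes the login form posts to a URI ending in /j_security_check and that a failed login redirects to the error page.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: map this filter before SecurityFilter in web.xml. */
public class LoginCaptureFilter implements Filter {
    // Hypothetical session attribute name, chosen for this example.
    public static final String USER_ATTR = "example.authenticatedUser";
    private String errorPage; // hypothetical init-param: path of the login error page

    /** Remembers where the inner filter redirected, then lets the redirect proceed. */
    static class RedirectCapture extends HttpServletResponseWrapper {
        private String location;
        RedirectCapture(HttpServletResponse response) { super(response); }
        public void sendRedirect(String target) throws IOException {
            location = target;
            super.sendRedirect(target);
        }
        String getLocation() { return location; }
    }

    public void init(FilterConfig config) throws ServletException {
        errorPage = config.getInitParameter("errorPage");
        // Without it every redirect would count as a successful login.
        if (errorPage == null) throw new ServletException("errorPage init-param is required");
    }

    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rq;
        // Assumption: the login form posts to a URI ending in /j_security_check.
        boolean loginPost = request.getRequestURI().endsWith("/j_security_check");
        // Take only the user name; j_password is never read or stored here.
        String claimed = loginPost ? request.getParameter("j_username") : null;
        RedirectCapture response = new RedirectCapture((HttpServletResponse) rs);
        chain.doFilter(request, response);

        String target = response.getLocation();
        // Assumption: a failed login redirects to errorPage, a successful one elsewhere.
        boolean succeeded = target != null && target.indexOf(errorPage) < 0;
        // The response is committed by now, so only reuse an existing session.
        HttpSession session = request.getSession(false);
        if (claimed != null && succeeded && session != null) {
            session.setAttribute(USER_ATTR, claimed);
        }
    }
}
```

The j_username value is client-supplied, so the filter stores it only after the inner filter has answered the login POST with a redirect that is not the error page.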
