tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: j_security_check-behaviour - looking for workaround
Date Tue, 02 Dec 2008 16:24:27 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregor,

Gregor Schneider wrote:
> Hi Chris,
> 
> On Tue, Dec 2, 2008 at 4:13 PM, Christopher Schultz
> <chris@christopherschultz.net> wrote:
>> For Securityfilter's next version, we are attempting to make it easy to
>> implement it as a Tomcat Valve, which should allow things like SSO.
>>
> Do you have any information when this next version will be available?

Nope. It's all in my head and scratch source files at this point. I'm
trying to basically re-architect the entire source to make it more
extensible, etc. and it's tough because of all the dependencies modules
have on one another.

For instance, the credential-gathering mechanism (like
FormAuthenticator) can't really be de-coupled from the actual
authentication mechanism (like JDBC) cleanly because they need to agree
on the credential format. For instance, Form-based auth doesn't make any
sense to use with client certificate authentication checking. But, it
might make sense to accept either client-cert OR form-based auth OR even
a remember-me-style login from a previous session.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk1YTsACgkQ9CaO5/Lv0PCOBACggnwOD8V4JNg/VRr8xPkXsQTH
oHIAmwSwzeVc/vpCq1qPWdE4IC2zl2uJ
=GsiY
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message