tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: j_security_check-behaviour - looking for workaround
Date Tue, 02 Dec 2008 16:24:27 GMT
Hash: SHA1


Gregor Schneider wrote:
> Hi Chris,
> On Tue, Dec 2, 2008 at 4:13 PM, Christopher Schultz
> <> wrote:
>> For Securityfilter's next version, we are attempting to make it easy to
>> implement it as a Tomcat Valve, which should allow things like SSO.
> Do you have any information when this next version will be available?

Nope. It's all in my head and scratch source files at this point. I'm
trying to basically re-architect the entire source to make it more
extensible, etc. and it's tough because of all the dependencies modules
have on one another.

For instance, the credential-gathering mechanism (like
FormAuthenticator) can't really be de-coupled from the actual
authentication mechanism (like JDBC) cleanly because they need to agree
on the credential format. For instance, Form-based auth doesn't make any
sense to use with client certificate authentication checking. But, it
might make sense to accept either client-cert OR form-based auth OR even
a remember-me-style login from a previous session.

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message