tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Geofrey Rainey" <>
Subject RE: FW: JAAS Realm with JDBC Authentication
Date Tue, 07 Jul 2009 22:19:47 GMT
Thankyou for the responses, they've been helpful.

What do you folks think the best design would be to
auth an application to our database based on the
following information;

Presently we have a custom login module that authenticates
users to our database using JDBC. However we really need to
integrate the auth to our AD. I have setup and tested a
JNDI realm successfully, however a neccessary condition is
that once AD auth is established they still need to be logged
into the database server as that user (which might not necessarily
exist in the db and thus should fail).

Option 1: Login Module to auth to db using JDBC. Oracle users are
auth against the directory using something called Oracle directory

Option 2: Handled entirely by Login Module by firstly auth to AD,
then auth to Db using the username.

My preference I think is option 2, but can anyone think of a better

Thank you for your responses.


-----Original Message-----
From: Mark Thomas [] 
Sent: Wednesday, 8 July 2009 12:51 a.m.
To: Tomcat Users List
Subject: Re: FW: JAAS Realm with JDBC Authentication

Geofrey Rainey wrote:
> I am confused about integrating the JAAS Login Module with HTTP basic 
> auth. I was under the impression that one had to handle this in a 
> custom callback handler.
> However I'm now
> under the impression that the JAASRealm has a built-in callback hander

> that does this.
> Is this correct?

Yes. It also handles DIGEST, FORM and CLIENT-CERT. Where the integration
/ extension is required is to hook into your user database. The
JAASRealm only hooks into tomcat-users.xml.


To unsubscribe, e-mail:
For additional commands, e-mail:

For more information on the Television New Zealand Group, visit us
online at 
CAUTION:  This e-mail and any attachment(s) contain information that
is intended to be read only by the named recipient(s).  This information
is not to be used or stored by any other person and/or organisation.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message