tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: JAAS getRemoteUser security custom
Date Tue, 18 May 2010 15:55:19 GMT
On 18/05/2010 15:42, Neville Peter wrote:
> The authentication will take place without any user intervention. For example, from a
request parameter or cookie value.
> 
> BTW, I have just managed to get it to work by using a custom Valve that extends AuthenticatorBase
and uses my JAAS realm. The valve adds the principal to the request and this in turn allows
getRemoteUser() to work in the servlet.
> 
> Is this the missing link between using JAAS and still supporting getRemoteUser()? Or
is there a standard way of doing this?

Using a Valve will give you access to the the internal model of the
request, so you can set Principals etc.

I had the impression that a full JAAS implementation gave you access to
the request and enabled the use of a Realm, but maybe it isn't what you
need.

The SecurityFilter project might be worth a look, before you commit to
rolling your own.


p




>> Why is a callbackhandler not required?
>>
>>
>> p
> 
> 
> 
>       
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 



Mime
View raw message