Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 16663 invoked from network); 19 May 2010 09:26:22 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 19 May 2010 09:26:22 -0000 Received: (qmail 28903 invoked by uid 500); 19 May 2010 09:26:18 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 28669 invoked by uid 500); 19 May 2010 09:26:18 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 28660 invoked by uid 99); 19 May 2010 09:26:17 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 May 2010 09:26:17 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=AWL,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [87.248.114.184] (HELO web24202.mail.ird.yahoo.com) (87.248.114.184) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 19 May 2010 09:26:09 +0000 Received: (qmail 85643 invoked by uid 60001); 19 May 2010 09:25:47 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1274261147; bh=nW14+uPlQ09LfaxBkyAZYp5GoVKgvCour7qE3NYG1Y0=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=pbQ+tJPZDKx1niurhH07GyGLKXCaq0UQceZhPH0VDzsX6ruZbxCWFFIBlMqTqlYdeKYzpkCYySJzssM9PuG+JFQWWphUBAX3drB0CWySPZt552p9155MW1l7npAG3fsFI+mYiiuPfrITM5ncLZ2jGF+iqBgPyn1uHbyFlr83QiM= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=WaTkFXZtwjeG4E+/v4kGthTVkYBL6MmU9GbtMTZyof+lKJCkmCtgka24lGfSK8ovEmgiEk/mTnot4ayzJo1cjd84Kju8hsUpNT8eRytrob0Rky6dQOZocTcr46J9Z5Mydjjflfw9+I84K4MzsY10rG4SdKfkljSh6/IVR9NBcqI=; Message-ID: <103289.85275.qm@web24202.mail.ird.yahoo.com> X-YMail-OSG: z6xzWgcVM1lPfZgoQNzmMxjX5YNn5Zle57Zlm5O1T9NMMiG An9OvQNkKDHE3lXYFVZvyluLYQ4mjKeddlx6Hh7loD_MOaPEPzFh8u3LXqLI hV2oGx7o5vDdW09ZQCUp1bKkKrYA2iy7UwCcg4jMNH6KMe.LvoAYxCqf3xn0 uWtTwethLrxSRhsJH_t9.8jTUh3lpa090OVsFrwG2XR9L6PiNPXgfK1F.P9v KFyX8S0J6KUqQd1s.w34.cmRZ4dPjwbMHvVwCsYWTwmOqouARBK9JbnxMWr8 - Received: from [194.101.216.2] by web24202.mail.ird.yahoo.com via HTTP; Wed, 19 May 2010 09:25:47 GMT X-Mailer: YahooMailClassic/11.0.8 YahooMailWebService/0.8.103.269680 Date: Wed, 19 May 2010 09:25:47 +0000 (GMT) From: Neville Peter Subject: Re: JAAS getRemoteUser security custom To: Tomcat Users List , pid@pidster.com In-Reply-To: <4BF2B867.9050600@pidster.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi,=0A=0AI'm still not satisfied with the options so far and I'm sure I do = not fully understand it:=0A=0AAlthough the valve works in that I can set th= e principal on the catalina request, realm.authenticate("username","credent= ials") within the valve is not actually passing anything to my JAAS login m= odule although the login module is being used. Therefore, I can not current= ly authenticate the user within the JAAS module correctly as there appears = to be no data passed from the valve. Also, if I use the valve then what is = the point of the servlet using LoginContext.login()?=0A=0AIf I choose not t= o use a valve then I appear to not have any access to the request object wi= thin JAAS. =0AEven if I use org.apache.catalina.realm.JAASCallbackHandler, = I do not get access to the request. So how are you able to add the principa= l to the request like you can do with the valve?=0A=0ASecurityFilter not an= option as it does not support SSO.=0A=0AThanks for the comments so far.=0A= =0A=0A=0A=0A=0A> =0A> Using a Valve will give you access to the the interna= l=0A> model of the=0A> request, so you can set Principals etc.=0A> =0A> I h= ad the impression that a full JAAS implementation gave=0A> you access to=0A= > the request and enabled the use of a Realm, but maybe it=0A> isn't what y= ou=0A> need.=0A> =0A> The SecurityFilter project might be worth a look, bef= ore=0A> you commit to=0A> rolling your own.=0A> =0A> =0A> p=0A=0A=0A=0A = --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org