tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Custom realm.authenticate() that would work with any realm - possible?
Date Fri, 09 Dec 2011 03:18:59 GMT
This is a followup to an earlier thread, "Do any of the Tomcat LDAP-type realms support "no
password" authentication?". 
As I mentioned in that earlier thread, I'm still new to Tomcat, and still trying to find my
way around, and understand (somewhat) its security design, so apologies in advance if my terminology
is incorrect. 
I've been experimenting with writing what I think is called a custom realm, that would have
a "no password" authenticate() method. 
What I think that I've been able to do is to implement a new realm where all I do in my code
is override the uthenticate(Context, string, string) method. 
For my initial attempt, I'm just extending the JNDIRealm, and just overriding that one method,
and I think that this works. 
However, ideally, I really want to be able to do this (override the authenticate() method
with any of the default realms that come with Tomcat, whereas with the approach that I'm currently
working (extending the JNDIRealm), in order to do this for all the different realm types,
I'd have to implement something similar, with a custom realm corresponding to each of the
Tomcat realm types. 
That might be ok, but I was wondering if there might, perhaps, be another way to do what I'm
trying to do (basically have an realm.authenticate() method that doesn't require a password,
but that would work with any realm? 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message