File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Win a copy of
REST with Spring (video course)
this week in the
A couple of questions
John Eric Hamacher
Joined: Apr 25, 2007
Apr 01, 2009 12:01:41
I have a couple of questions about authentication.
1) <realm-name> is ignored if <auth-method> is FORM. In that case, what realm does FORM authenticate against?
2) Can a JAAS Login Module be used as a realm in FORM authentication? If so, how does the container know to assocaite a realm with the FORM authentication?
3) Assuming 2) is true, do the Principal objects created by the login module get saved automatically in the session?
Hope I was clear enough. Thanks.
Joined: Mar 22, 2005
Apr 15, 2009 11:45:31
As to #1, the realm name isn't used anywhere, but is it really ignored? (I'm not sure, but I could envision it being used behind the scenes.)
As to #2, realms are set up in the server.xml file. Which realm is used makes no difference to the kind of authentication being used.
As to #3, Principals are not saved in sessions, but they are being made available by the server through a method in the HttpServletRequest object.
I agree. Here's the link:
subject: A couple of questions
Example Code for JAAS with JBoss? Got it to work by "fudging." How do Right?
How to specify j_uri
Problems with FORM Authentication
j_security_check 404 error
req.isUserInRole("admin"); return false??
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2015