Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

A couple of questions

 
John Eric Hamacher
Ranch Hand
Posts: 230
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi:

I have a couple of questions about authentication.

1) <realm-name> is ignored if <auth-method> is FORM. In that case, what realm does FORM authenticate against?

2) Can a JAAS Login Module be used as a realm in FORM authentication? If so, how does the container know to assocaite a realm with the FORM authentication?

3) Assuming 2) is true, do the Principal objects created by the login module get saved automatically in the session?

Hope I was clear enough. Thanks.

Eric
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As to #1, the realm name isn't used anywhere, but is it really ignored? (I'm not sure, but I could envision it being used behind the scenes.)

As to #2, realms are set up in the server.xml file. Which realm is used makes no difference to the kind of authentication being used.

As to #3, Principals are not saved in sessions, but they are being made available by the server through a method in the HttpServletRequest object.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic