Custom Tomcat Authentication

Benjamin Hill

Joined: May 25, 2004
Posts: 2
Currently I'm implementing a custom authentication mechanism for Tomcat and I'd like to be able to use part custom / part container methods.

I'd like to authenticate a user myself, then use the container to perform request.isUserInRole("foo") method calls based upon the "subject" I create in the authentication phase.

After looking at the Catalina source, it seems that the container uses the current realm to authenticate a user, and creates a GenericPrincipal encapsulating the user's username, roles etc. It is then seemingly added to an org.apache.catalina.Session as a "note".

I have implemented a JAAS login module etc. to perform this authentication, and I am producing a Subject. I wondered if there was anything I could do to this Subject to "store" it in Tomcat to allow the container to know about it.