wood burning stoves 2.0
The moose likes Tomcat and the fly likes Custom Tomcat Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Custom Tomcat Authentication" Watch "Custom Tomcat Authentication" New topic

Custom Tomcat Authentication

Benjamin Hill

Joined: May 25, 2004
Posts: 2
Currently I'm implementing a custom authentication mechanism for Tomcat and I'd like to be able to use part custom / part container methods.

I'd like to authenticate a user myself, then use the container to perform request.isUserInRole("foo") method calls based upon the "subject" I create in the authentication phase.

After looking at the Catalina source, it seems that the container uses the current realm to authenticate a user, and creates a GenericPrincipal encapsulating the user's username, roles etc. It is then seeming added to a org.apache.catalina.Session as a "note".

I have implemented a JAAS login module etc to perform this authentication, and I am producing a Subject. I wondered is there was anything I could do to this Subject to "store" it in Tomcat to allow the container to know about it.
I agree. Here's the link: http://aspose.com/file-tools
subject: Custom Tomcat Authentication
It's not a secret anymore!