• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Custom Tomcat Authentication

 
Benjamin Hill
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Currently I'm implementing a custom authentication mechanism for Tomcat and I'd like to be able to use part custom / part container methods.

I'd like to authenticate a user myself, then use the container to perform request.isUserInRole("foo") method calls based upon the "subject" I create in the authentication phase.

After looking at the Catalina source, it seems that the container uses the current realm to authenticate a user, and creates a GenericPrincipal encapsulating the user's username, roles etc. It is then seeming added to a org.apache.catalina.Session as a "note".

I have implemented a JAAS login module etc to perform this authentication, and I am producing a Subject. I wondered is there was anything I could do to this Subject to "store" it in Tomcat to allow the container to know about it.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic