wood burning stoves 2.0*
The moose likes Tomcat and the fly likes Custom Tomcat Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Custom Tomcat Authentication" Watch "Custom Tomcat Authentication" New topic
Author

Custom Tomcat Authentication

Benjamin Hill
Greenhorn

Joined: May 25, 2004
Posts: 2
Currently I'm implementing a custom authentication mechanism for Tomcat and I'd like to be able to use part custom / part container methods.

I'd like to authenticate a user myself, then use the container to perform request.isUserInRole("foo") method calls based upon the "subject" I create in the authentication phase.

After looking at the Catalina source, it seems that the container uses the current realm to authenticate a user, and creates a GenericPrincipal encapsulating the user's username, roles etc. It is then seeming added to a org.apache.catalina.Session as a "note".

I have implemented a JAAS login module etc to perform this authentication, and I am producing a Subject. I wondered is there was anything I could do to this Subject to "store" it in Tomcat to allow the container to know about it.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Custom Tomcat Authentication
 
Similar Threads
User signin to the certificate
Web app Security Confusion
Using JAAS to authenticate tomcat users
JAAS vs Form Based Authentication vs LDAP
Web Applications and JAAS