Nope, I just use form-based authentication - the realm is irrelevant. I call request.getRemoteUser() to get the user's information and then look it up in a database (could be ldap). Tomcat does the authorization for me.
> -----Original Message----- > From: awc [mailto:[EMAIL PROTECTED] > Sent: Friday, March 21, 2003 3:06 PM > To: Tomcat Users List > Subject: Re: Custom JDBCRealm > > > may be this is dumb question. So do you run two filters? one > for authticate and > to check authorization and other to load the customo objects?? > > Thanks Matt.. > > .anil > > // user authenticated, empty user object > if ((username != null) && (userForm == null)) { > ses = getSession(); > > UserManager mgr = > new UserManagerImpl((String) > ctx.getAttribute(Constants.DAO_TYPE)); > UserForm user = mgr.getUser(ses, username); > session.setAttribute(Constants.USER_KEY, user); > > > > > > > > "Raible, Matt" wrote: > > > Why not just add a filter that has the same <url-pattern> > as your protected > > resource. I do this, and if there's not a user object in > the session, I > > populate it from a database. > > > > Example at http://tinyurl.com/7xb1 > > > > HTH, > > > > Matt > > > > > -----Original Message----- > > > From: awc [mailto:[EMAIL PROTECTED] > > > Sent: Friday, March 21, 2003 2:42 PM > > > To: 'Tomcat Users List' > > > Subject: Custom JDBCRealm > > > > > > > > > Hi, > > > > > > I want to add more stuff to user session while user logs > in. The only > > > way I see to do this is to write custom JDBCRealm class > which extnds > > > org.apache.catalina.realm.JDBCRealm or implement > > > org.apache.catalina.realm.RealmBase class. > > > > > > This custom class will have more initializing parameters too. Any > > > thoughts on this from one who already did sort of thing?? > > > > > > I am going to use this one with securityFilere from > > > www.securityfilter.org. > > > > > > Thank you in advance for any replies. > > > > > > .anil > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]