Thankyou for the responses, they've been helpful. What do you folks think the best design would be to auth an application to our database based on the following information;
Presently we have a custom login module that authenticates users to our database using JDBC. However we really need to integrate the auth to our AD. I have setup and tested a JNDI realm successfully, however a neccessary condition is that once AD auth is established they still need to be logged into the database server as that user (which might not necessarily exist in the db and thus should fail). Option 1: Login Module to auth to db using JDBC. Oracle users are auth against the directory using something called Oracle directory services. Option 2: Handled entirely by Login Module by firstly auth to AD, then auth to Db using the username. My preference I think is option 2, but can anyone think of a better method? Thank you for your responses. Cheers, Geofrey. -----Original Message----- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, 8 July 2009 12:51 a.m. To: Tomcat Users List Subject: Re: FW: JAAS Realm with JDBC Authentication Geofrey Rainey wrote: > I am confused about integrating the JAAS Login Module with HTTP basic > auth. I was under the impression that one had to handle this in a > custom callback handler. > However I'm now > under the impression that the JAASRealm has a built-in callback hander > that does this. > Is this correct? Yes. It also handles DIGEST, FORM and CLIENT-CERT. Where the integration / extension is required is to hook into your user database. The JAASRealm only hooks into tomcat-users.xml. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ========================================================== For more information on the Television New Zealand Group, visit us online at tvnz.co.nz ========================================================== CAUTION: This e-mail and any attachment(s) contain information that is intended to be read only by the named recipient(s). This information is not to be used or stored by any other person and/or organisation. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
