anita kulshreshtha wrote:
Oops! I apologize for the keyboard malfunction. Please ignore my other mail. --- Jeff Genender <[EMAIL PROTECTED]> wrote:
anita kulshreshtha wrote:
--- Jeff Genender <[EMAIL PROTECTED]> wrote: <snip>
the jetty like webapp classloader would not work.
Thanks for the info., I will dig deeper into this.
We should be able to use Tomcat's security. Its
just a matter of declaring the proper realm. The realm model
supports pluggable security components, so this should work fine.
I do not see why we need to do that. Geronimo
already provides equivalents of memory, JDBC and JAAS
realms. Earlier there was a conversation about
Geronimo providing LDAP based authentication. Am I
missing something?
The point is that the security model is pluggable. If you want to use Geronimo's security, then the Realms have been created for you to do so (i.e. TomcatJAASRealm for JAAS and TomcatGeronimoRealm for JACC). If you wish to use another (non-Geronimo) security model, just be sure there is an appropriate Realm class. If you want to use Tomcat's security only, then feel free to use those Tomcat Realms (although the Tomcat's version of the JAAS Realm...JAASRealm...will not use JAAS correctly with Geronimo, thus the TomcatJAASRealm object has been created, which does).
Your question about why we need to do this is answered more from the perspective that Tomcat was written to allow a declarative, pluggable, security model. I guess this is a good feature that comes with Tomcat and I surely would not want to make an effort to remove it.
As for LDAP, I cannot directly answer that as I was not a part of the conversation in the past. But I can answer, that from a Geronimo/Tomcat security perspective, the easiest route here is to write a Geronimo client Login Module. No code changes would be needed in Tomcat at all. The TomcatJAASRealm and/or TomcatGeronimoRealm will be happy to interface with this login module.
Thanks Anita
__________________________________ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com
-- Jeff Genender http://geronimo.apache.org
