Re: [Rife-users] Using Tomcat Authentication with Rife

Mon, 14 Nov 2005 13:09:41 -0800 

AFAIK Tomcat authentication should just work.
I however don't fully understand what benefit you would get from it, besides the downside of tying your authentication scheme to one particular servlet container. 


I suppose I'm missing something, can you give me pore details about  
what it would bring you over RIFE's authentication?


On 14-nov-05, at 21:59, F Baube wrote:


Has anyone tried using Rife with any of Tomcat's authentication
mechanisms ?  In particular, forms-based authentication ?

Authentication by Tomcat is attractive to me because (AFAICT) it
could then also cleanly handle the authentication process that is
expected by a WebDAV editor.  Then I would have a "single sign-on"
that controls access both to my existing URL space and also to a
new URL space which would speak to WebDAV-capable standalone
editors using WebDAV-based content access:

        <element id="DAV"  file="myapp/dav.xml"  url="/dav/*" />

I could access Tomcat's authentication data at runtime in order
to perform access control within the WevDAV URL space that is as
fine-grained as I wish.

(Note that since forms-based login credentials are sent in the
 clear, it should be done over an HTTPS connection.)

This has the potential to be much simpler than trying to integrate
 any WebDAV codebase that is even remotely connected to Jakarta
Slide, except for (*perhaps*) the Slide WCK translation layer.

It would require that Tomcat is configured with a login form URL
and a login failure URL, whcih could both (AFAICT) be served up
by Rife.  These are described at


  http://www.cafesoft.com/products/cams/tomcat- 
security.html#Form_Based_Authentication


and an example "web.xml" is given at

  http://servlets.com/jservlet2/examples/ch08b/web.xml

The idea then would be to transfer responsibility for authenticating
access to my servlet's entire URL space (both WebDAV and non-WebDAV)
from Rife to Tomcat.


Any relevant code, ideas, tips, or criticism would be quite welcome.


--
Geert Bevin                       Uwyn bvba
"Use what you need"               Avenue de Scailmont 34
http://www.uwyn.com               7170 Manage, Belgium
gbevin[remove] at uwyn dot com    Tel +32 64 84 80 03

PGP Fingerprint : 4E21 6399 CD9E A384 6619  719A C8F4 D40D 309F D6A9
Public PGP key  : available at servers pgp.mit.edu, wwwkeys.pgp.net


_______________________________________________
Rife-users mailing list
Rife-users@uwyn.com
http://www.uwyn.com/mailman/listinfo/rife-users






















					Reply via email to