Per-context authentication database
Hi,

Is it possible to have a per-context authentication database, especially one that does not have to be configured using server.xml?

This is the sort of scenario I am looking at: A WAR file is added to the webapps directory, and on restarting Tomcat will be deployed. It contains all of the information necessary for it to function, including its own password database (and maybe even the database drivers). There is no need to modify the server.xml in any way.

The very important catch here is that I want to use Tomcat's support for form logon - that is, the form-logon-page and logon-error-page in the web.xml, and all that jazz. I do not intend writing my own logic to handle the authentication!

Can this be done? If it can't, would it be possible to do it by making a new RequestInterceptor?

Twylite
Re: Per-context authentication database
Hi,

My comments relate to Tomcat 3, not 4 but the same principles apply.

Twylite wrote:
> Hi, Is it possible to have a per-context authentication database, especially one that does not have to be configured using server.xml? This is the sort of scenario I am looking at: A WAR file is added to the webapps directory, and on restarting Tomcat will be deployed. It contains all of the information necessary for it to function, including its own password database (and maybe even the database drivers). There is no need to modify the server.xml in any way. Can this be done?

I have written a JAAS Realm which is configured in the usual way in server.xml. e.g.

    <RequestInterceptor className="com.teamware.phoenix.security.JAASRealm" JAASConfigEntry="other" debug="99" />

The server.xml attributes specify defaults for all contexts. However, specific attributes can be configured in web.xml for each web app, such as

    <context-param>
        <param-name>JAASConfigEntry</param-name>
        <param-value>test</param-value>
    </context-param>

to override the default. In the realm implementation authenticate() I just do stuff like

    Context ctx = req.getContext();
    String jaasConfigEntry = ctx.getInitParameter(jaasConfigKey);

which allows context specific authentication. I guess it's easy enough to modify the JDBC realm so that you can use different databases per context using this mechanism or write your own realm.

> The very important catch here is that I want to use Tomcat's support for form logon - that is, the form-logon-page and logon-error-page in the web.xml, and all that jazz. I do not intend writing my own logic to handle the authentication!

I'm not sure what you mean by not wanting to write your own logic to handle the authentication. JDBC realm simply does string comparison between two passwords. Authentication in the JAAS Realm is handled by the JAAS Login module. The form login support is not really relevant, I think all the realm implementations I've seen support both form/basic auth.

Rgds
--
Antony Bowesman
Teamware Group
[EMAIL PROTECTED]
tel: +358 9 5128 2562
fax: +358 9 5128 2705
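The per-context lookup described in the message above, as a self-contained example added here (not code from the thread, from Teamware's JAASRealm, or from Tomcat): the entry name comes from the context's init parameters and falls back to the server.xml default, then drives a standard JAAS login. `PerContextJaasDemo`, `StoreLoginModule`, the in-memory stores and the plain maps standing in for Tomcat's `Context` init parameters are assumptions; only the `javax.security.auth` classes are real API.

```java
import java.security.MessageDigest;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class PerContextJaasDemo {
    // Constructed sample credentials, one store per JAAS entry name (stand-ins for each app's own database).
    static final Map<String, Map<String, String>> STORES = Map.of(
        "other", Map.of("admin", "default-secret"), "test", Map.of("alice", "webapp-secret"));
    // Hypothetical LoginModule: checks the supplied name/password against the store named in its options.
    public static class StoreLoginModule implements LoginModule {
        private CallbackHandler handler; private Map<String, ?> opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) { handler = h; opts = o; }
        public boolean login() throws LoginException {
            NameCallback n = new NameCallback("user"); PasswordCallback p = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] {n, p}); } catch (Exception e) { throw new LoginException(e.toString()); }
            String want = STORES.get((String) opts.get("store")).get(n.getName());
            // Constant-time comparison of the stored and supplied password bytes.
            if (want != null && MessageDigest.isEqual(want.getBytes(), new String(p.getPassword()).getBytes())) return true;
            throw new FailedLoginException("bad credentials");
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    // The lookup from the post: the web.xml context-param wins, else the server.xml default applies.
    static String resolveEntry(Map<String, String> initParams, String serverDefault) {
        return initParams.getOrDefault("JAASConfigEntry", serverDefault);
    }
    static boolean authenticate(Map<String, String> initParams, String user, String password) {
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!STORES.containsKey(name)) return null; // unknown name: JAAS then falls back to the "other" entry
                return new AppConfigurationEntry[] { new AppConfigurationEntry(StoreLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of("store", name)) };
            }
        };
        CallbackHandler handler = callbacks -> {
            for (Callback c : callbacks)
                if (c instanceof NameCallback) ((NameCallback) c).setName(user);
                else if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword(password.toCharArray());
        };
        try { new LoginContext(resolveEntry(initParams, "other"), new Subject(), handler, config).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        System.out.println(authenticate(Map.of("JAASConfigEntry", "test"), "alice", "webapp-secret")); // web.xml override
        System.out.println(authenticate(Map.of(), "alice", "webapp-secret")); // server.xml default entry
    }
}
```

Because the entry name is read from the application's own web.xml, the deployed WAR decides which of the server's JAAS entries authenticates its users.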
Re: Per-context authentication database
Hi,

I sort of answered my own question, by writing my own Realm to do the trick. But I'm having some trouble :/

> to override the default. In the realm implementation authenticate() I just do stuff like
>
>     Context ctx = req.getContext();
>     String jaasConfigEntry = ctx.getInitParameter(jaasConfigKey);

Interestingly I'm doing something almost exactly like that ... but no matter what page/context I'm accessing I appear to be getting the root context from req.getContext(). Any suggestions?

> I'm not sure what you mean by not wanting to write your own logic to handle the authentication. JDBC realm simply does string comparison

Many in the Great Unwashed Masses seem oblivious to the existence of Tomcat's logon handling, and write their own code in JSPs with lots of If...Thens to check if the person is logged on, and authenticate in their own way against their own database(s). i.e. not using Realms at all.

Thanks,
Twylite
Re: Per-context authentication database
Hi,

Twylite wrote:
>>     Context ctx = req.getContext();
>>     String jaasConfigEntry = ctx.getInitParameter(jaasConfigKey);
>
> Interestingly I'm doing something almost exactly like that ... but no matter what page/context I'm accessing I appear to be getting the root context from req.getContext(). Any suggestions?

Have you got the different contexts defined in server.xml?

>> I'm not sure what you mean by not wanting to write your own logic to handle the authentication. JDBC realm simply does string comparison
>
> Many in the Great Unwashed Masses seem oblivious to the existence of Tomcat's logon handling, and write their own code in JSPs with lots of If...Thens to check if the person is logged on, and authenticate in their own way against their own database(s). i.e. not using Realms at all.

Given the paucity of documentation, it's not surprising!

Antony
Re: Per-context authentication database
Hi,

Thanks for the reply.

>> Interestingly I'm doing something almost exactly like that ... but no matter what page/context I'm accessing I appear to be getting the root context from req.getContext(). Any suggestions?
>
> Have you got the different contexts defined in server.xml?

Yes. Of course ... I should probably have consulted my configuration before jumping to conclusions ... let's just say I changed the root context to my development directory, and wasn't expecting Ctx ( ) for it ;)

*hits head and weeps in shame*

But everything's working fine now ;) It was working fine before ... I just didn't know it. Shees.

Twylite