Michiel,
you are programming your own login trigger in a filter - I don't this
this will work (although I'm happy to be wrong).
I think tomcat is only going to adopt your principals as authenticated
if you protect whichever pages necessary via security-constraints in the
deployment descriptor.
Adam,
I've been at this all day, and I seem to be banging my head against a
really well-constructed wall. I followed your advice by going the
security-constraints/Realm route.
I've build a minimal JAAS implementation which, in combination with
JAASRealm, works fine for *authentication*.
I'm no expert on the internals of tomcat, sorry. You might be looking at
a hole in the implementation. I haven't used the JAAS authorization
policy mechanism, I rely solely on roles.
Adam
On 04/06/2004 05:18 PM Michiel Toneman wrote:
Adam,
I've been at this all day, and I seem to be banging
Hi All,
The company I work for is attempting to move from JRun 3/4 to Tomcat
5.0.19. So far it has been smooth sailing, and the migration is going
better than expected.
However, before the migration we were about to deploy a JAAS framework
on JRun 4. This framework doesn't seem to work at all