RE: Sense of realm element in login-config
This is what I want to do: 1) I want to setup a database which includes multiple realms 2) user are linked to realms 3) I want to use protect a servlet with basic authentication, and I want to be able refer to the correct realm when performing the authentication (this means sending the correct realm/user to the database. And I don't want to do this by hacking the tomcat configuration files. I didn't see the original post, but just Craig's answer. I'm not sure exactly what you want, but I did something similar that required NO modification of the tomcat mechanisms. My goal was to allow users to log in with domain\userid to the same application (and use the domain to show them different data) and allow each domain to have its own set of users (e.g. same userid) and be managed independently. I did this with only a couple of minor modifications: My login.jsp collects domain, userid and password. It uses a simple JavaScript one-liner to concatenate domain\userid to create j_username (I use a '\', but you can use any separator char you want (don't use ':' since HTTP uses that as the userid:password separator.). If you want to use BASIC authentication to do this you just need to enter domain\userid as the userid. In the database I use the domain\userid as the 'userid' that I tell Tomcat about in the Realm statement (actually I use an Oracle view to concat the two fields, but that isn't important). This creates multiple user 'domains' very simply but does require the user to enter a domain name in addition to userid and password. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Sense of realm element in login-config
Hi, I do understand that it is shown the browser, but that is about all. But my problem is that from within the servlet container I cannot do anything with it. For example, I cannot retrieve it and pass it on to the authentication module, for example JDBCRealm. Yes, you can but then you have to manipulate the web.xml file yourself? Is this really the case? Regards, -- Dirk ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sense of realm element in login-config
It's not clear what you want to know. Perhaps you should take another look at the documentation. You can authenticate people against a database, the XML file is just a simple example. From a servlet you can find out what username they logged in as and which realms they have access too. What exactly do you need to change from a servlet? Hamish -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 9:24 AM To: Tomcat Users List Subject: Re: Sense of realm element in login-config Hi, I do understand that it is shown the browser, but that is about all. But my problem is that from within the servlet container I cannot do anything with it. For example, I cannot retrieve it and pass it on to the authentication module, for example JDBCRealm. Yes, you can but then you have to manipulate the web.xml file yourself? Is this really the case? Regards, -- Dirk ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sense of realm element in login-config
This is what I want to do: 1) I want to setup a database which includes multiple realms 2) user are linked to realms 3) I want to use protect a servlet with basic authentication, and I want to be able refer to the correct realm when performing the authentication (this means sending the correct realm/user to the database. And I don't want to do this by hacking the tomcat configuration files. Regards, -- Dirk ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ** -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Sense of realm element in login-config
On Wed, 27 Feb 2002 [EMAIL PROTECTED] wrote: Date: Wed, 27 Feb 2002 09:24:03 +0100 From: [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: Sense of realm element in login-config Hi, I do understand that it is shown the browser, but that is about all. Yes, that *is* all it is used for. The servlet container doesn't use it for anything else. But my problem is that from within the servlet container I cannot do anything with it. For example, I cannot retrieve it and pass it on to the authentication module, for example JDBCRealm. That is correct. The assumption is that your application's security will be based on the roles associated with the authenticated users. If you tied it to the realm element from the login-config, you'd be requiring the use of BASIC or DIGEST authentication, because that is the only place the pop-up window is displayed on the browser. Yes, you can but then you have to manipulate the web.xml file yourself? Is this really the case? Sure, you have to edit web.xml (either manually or using an IDE) for this purpose, or for lots of other things. Regards, -- Dirk Craig -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Sense of realm element in login-config
On Wed, 27 Feb 2002 [EMAIL PROTECTED] wrote: Date: Wed, 27 Feb 2002 13:15:11 +0100 From: [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: RE: Sense of realm element in login-config This is what I want to do: 1) I want to setup a database which includes multiple realms 2) user are linked to realms 3) I want to use protect a servlet with basic authentication, and I want to be able refer to the correct realm when performing the authentication (this means sending the correct realm/user to the database. And I don't want to do this by hacking the tomcat configuration files. For Tomcat 4, you should create a Context element (in server.xml) for each webapp, and put a different Realm element inside it for each app that has different sets of users. For example, you could set things up with different user tables (or set up views in your database that expose the subset of users for that particular webapp). Regards, -- Dirk Craig -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Sense of realm element in login-config
[EMAIL PROTECTED] wrote: Hi, Can anyone explain the use of realms in basic authentication. One can specify the name of a realm in the login-config of the web.xml but apparently this is not used since there is no standard JAVA API to pass this the servlet container. What is the sense of having it when it is not really used? This is the realm name shown in the browser. See section 'SRV.12.5.1 HTTP Basic Authentication' and 'SRV.13 Deployment Descriptor' of servlet spec. Rgds Antony -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]