Re: Authentication and authorization questions

2007-09-21 Thread jmuller
to change the SQL statement. See source here: http://www.nabble.com/file/p12820411/DataSourceRealm.java DataSourceRealm.java (free to use/modify/comment) ! -- View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12820411 Sent from

Re: Authentication and authorization questions

2007-09-21 Thread Martin Gainty
possible OpenSessionInViewFilter problem which version hibernate are you implementing with? M-- - Original Message - From: jmuller [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Friday, September 21, 2007 9:14 AM Subject: Re: Authentication and authorization questions

Re: Authentication and authorization questions

2007-09-21 Thread jmuller
OpenSessionInViewFilter problem which version hibernate are you implementing with? M-- - Original Message - From: jmuller [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Friday, September 21, 2007 9:14 AM Subject: Re: Authentication and authorization questions Christopher

Re: Authentication and authorization questions

2007-09-21 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jean, jmuller wrote: I've written my own DataSourceRealm that overwrite Tomcat's one, and put the jar in server/lib. It only overwrites the getRoles() method to change the SQL statement. See source here:

Re: Authentication and authorization questions

2007-08-30 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lb, lightbulb432 wrote: But if the login and login-error pages are the same page (meaning that when someone fails an access check they get redirected to the login-error page, which is actually the login page where they must re-enter their

Re: Authentication and authorization questions

2007-08-29 Thread Glenn McCall
Below... I hope it helps Glenn Mc - Original Message - From: lightbulb432 [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Wednesday, August 29, 2007 2:33 PM Subject: Authentication and authorization questions I have several questions about authentication and authorization

Re: Authentication and authorization questions

2007-08-29 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lb, lightbulb432 wrote: Where does Tomcat authentication fit into the request processing lifecycle? Does it happen before even the very first filter gets called? Yes. It's implemented as a Valve that runs before any of your code gets a chance to

Re: Authentication and authorization questions

2007-08-29 Thread lightbulb432
, but the project looks inactive enough that I'm not going to hold my breath. I tried looking for other Java servlet security products or projects, but nothing really came up. Any thoughts on this all? -- View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698

Authentication and authorization questions

2007-08-28 Thread lightbulb432
I have several questions about authentication and authorization in Tomcat below, so answer only what you can :) Thanks. Where does Tomcat authentication fit into the request processing lifecycle? Does it happen before even the very first filter gets called? What happens just before and just