Re: Authorization on Apache Tomcat the J2ee Way.
Arun wrote:
> On 10/5/07, Pid [EMAIL PROTECTED] wrote:
>> Arun wrote:
>>> I have a tomcat 6 installed. I have a running web application. I need to implement a role based access control. How can I combine the server's capabilities so that I can use the request.getPrincipal() method ... I also have a list of roles and groups and who all are assigned what all roles/groups in db. Now it's time to implement an access control mechanism.
>>>
>>> I do not want Basic authentication with a popup. I will be logging in by a normal html sign in form, with a username and password field. Once that is done everything should be the J2EE way. The roles for that user should get added to the request and I can use it for authorization.
>>
>> Form based authentication, part of the servlet spec, is what you are referring to. Google is your friend.
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
>
> That is tied down to a server. I have my own db scheme as well as different servers to deploy. I cannot use tomcat specific Realm class. Are there any other solutions? Any links?

Well, that is J2EE for you; things are standard for the application (code, deployment - to some extent), but implementation specific for the container configuration.

So, if you're planning to support an application for multiple servers, you're bound to see various ways to configure things - but your application code will be the same for each container.

What that page describes is how to configure Tomcat to provide you with the infrastructure needed for (form-based) login. How to configure some other container will be documented in the proper documentation for that other container.

As for having your own database schema, you may need to prepare to have slightly different schemas for different containers. The other solution would be to provide either JAAS plugins or full realm implementations for all the containers you plan to support. For Tomcat, apparently the JAAS plugin would be the way to go.

--
..Juha

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Authorization on Apache Tomcat the J2ee Way.
Hi,

I have a tomcat 6 installed. I have a running web application. I need to implement a role based access control. How can I combine the server's capabilities so that I can use the request.getPrincipal() method ... I also have a list of roles and groups and who all are assigned what all roles/groups in db. Now it's time to implement an access control mechanism.

I do not want Basic authentication with a popup. I will be logging in by a normal html sign in form, with a username and password field. Once that is done everything should be the J2EE way. The roles for that user should get added to the request and I can use it for authorization.

--
Thanks
Arun George

Re: Authorization on Apache Tomcat the J2ee Way.
Arun wrote:
> Hi,
>
> I have a tomcat 6 installed. I have a running web application. I need to implement a role based access control. How can I combine the server's capabilities so that I can use the request.getPrincipal() method ... I also have a list of roles and groups and who all are assigned what all roles/groups in db. Now it's time to implement an access control mechanism.
>
> I do not want Basic authentication with a popup. I will be logging in by a normal html sign in form, with a username and password field. Once that is done everything should be the J2EE way. The roles for that user should get added to the request and I can use it for authorization.

Form based authentication, part of the servlet spec, is what you are referring to. Google is your friend.

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html

p

Re: Authorization on Apache Tomcat the J2ee Way.
That is tied down to a server. I have my own db scheme as well as different servers to deploy. I cannot use tomcat specific Realm class. Are there any other solutions? Any links?

On 10/5/07, Pid [EMAIL PROTECTED] wrote:
> Arun wrote:
>> Hi,
>>
>> I have a tomcat 6 installed. I have a running web application. I need to implement a role based access control. How can I combine the server's capabilities so that I can use the request.getPrincipal() method ... I also have a list of roles and groups and who all are assigned what all roles/groups in db. Now it's time to implement an access control mechanism.
>>
>> I do not want Basic authentication with a popup. I will be logging in by a normal html sign in form, with a username and password field. Once that is done everything should be the J2EE way. The roles for that user should get added to the request and I can use it for authorization.
>
> Form based authentication, part of the servlet spec, is what you are referring to. Google is your friend.
>
> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
>
> p

--
Thanks
Arun George

RE: Authorization on Apache Tomcat the J2ee Way.
> From: Arun [mailto:[EMAIL PROTECTED]
> Subject: Re: Authorization on Apache Tomcat the J2ee Way.
>
> I cannot use tomcat specific Realm class.

Again, read the servlet spec. If you can't accomplish what you need within that structure, then anything you do will be container-specific, regardless of the container employed.

 - Chuck

Re: Authorization on Apache Tomcat the J2ee Way.
Take a look at Acegi Security for Spring Framework, http://acegisecurity.org/

It is a complete, container non-specific framework. The web part of it is configured as a filter (a chain of filters) in your web.xml. The SecurityContextHolderAwareRequestFilter class there publishes acegi-specific security context into HttpRequest, so that the principal is available as request.getPrincipal(), etc.

You may start by running the examples available there. Although I have never tried to configure it without Spring Framework, it nevertheless may be worth looking at.

--
Best regards,
Konstantin