Re: Adding new realms : Assigning a name

Mon, 08 Jan 2001 12:06:21 -0800 

"Bragg, Casey" wrote:

> In Tomcat 3.2...
>
> How does the auth-method name "JDBCRealm" get associated with the JDBCRealm
> class?
>

It doesn't.

The <auth-method> you use in your web.xml file is used to choose the mechanism
by which the username/password dialog is presented to the user.  Only the
standard four choices are available (BASIC, DIGEST, FORM, and CLIENT-CERT).  And
Tomcat 3.2 only supports BASIC and FORM.

What you need to do is tell Tomcat:  "whenever I need to authenticate a user,
look here for the users, passwords, and roles information."  This is done by a
configuration entry in the server.xml file.  You will see an entry for the
simple realm:

    <RequestInterceptor
        className="org.apache.tomcat.request.SimpleRealm"
        debug="0"/>

that you need to comment out, and replace with an entry for the JDBCRealm.
There are several commented-out examples in the standard server.xml that you can
use as a model for your own entry.

>
> Is the list of available realm names derived from the class name (i.e. the
> name of any class on the class path that extends BaseInterceptor is a valid
> realm name?)
>
> In short, provided I have a class called XYZRealm that extends
> BaseInterceptor on my classpath, does anything need to be done to associate
> the auth-method name "XYZRealm" with the class XYZRealm?  Is the following
> configuration all that is needed?
>
> ... in server.xml
>         <RequestInterceptor className="mypackage.XYZRealm" />
>
> ... in a protected webapp's web.xml (Here is the question...
>     <login-config>
>     <auth-method>XYZRealm</auth-method>
>      <realm-name>Example XYZ-Based Authentication Area</realm-name>
>      <form-login-config>
>          <form-login-page>/jsp/security/login/login.jsp</form-login-page>
>          <form-error-page>/jsp/security/login/error.jsp</form-error-page>
>      </form-login-config>
>      </login-config>
>

As discussed above, the login <auth-method> you use is completely independent of
where the usernames database is.  For Tomcat 3.2, the (single) realm you define
is global to all webapps -- in Tomcat 4.0 you can configure individual realms
for individual webapps.

> Casey Bragg - Software Engineer
>

Craig McClanahan



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to