I think this suggestion has been made for other questions, and I'll make
it here. You can always extend the simpleRealm or JDBRealm class to
handle such a process.
~Rob
Drasko Kokic wrote:
>
> Craig, this looks really great (still having some
> minor problems using JDBCRealm instead of the
> SimpleRealm on the security example)
>
> I was wondering if somebody (you?) have already come
> across the following requirement:
>
> We have already implemented portal protection
> (multiple sites within same domain) using encripted
> cookies. The central Authentication Servlet is
> checking and also actualising the cookie credentals.
> A simple JSP code fragment is being included on each
> protected page so that request cannot be made
> directly.
> Reading about the Servlet API 2.3 I have noticed
> something called "filters" which looks very much like
> what we are doing now (except that the URI's don't
> need to look like
> /AuthServlet?page=/some/where/something.jsp anymore)
>
> Would it be possible in current Tomcat 3.2 to protect
> context with a Realm which would check on cookie and
> pass on to the protected logic the proprietary cookie
> data values?
>
> Thanks in advance
>
> Drasko
>
> --- "Craig R. McClanahan"
> <[EMAIL PROTECTED]> wrote:
> > Jim Urban wrote:
> >
> > > I am running Tomcat with Apache on NT. I have a
> > servlet context which
> > > contains three servlets and their supporting
> > classes. All the .class files
> > > have been "jared" and the .jar file placed in the
> > web-inf/lib directory. I
> > > have set up my web.xml file to find the servlets
> > an pass them init params
> > > just fine. I now need to limit access to the
> > servlets to different groups
> > > of users. How do I set this up? Can someone
> > please send me a sample of
> > > "<security-constraint>" section (is this where it
> > gets done?) of a web.xml
> > > file?
> > >
> >
> > The "examples" web application that comes with
> > Tomcat has a <security-constraint> set
> > up on the path
> >
> >
> http://localhost:8080/examples/jsp/security/protected
> >
> > which will trigger form-based login. See
> > "$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml".
> > The requirements (and another example) are found in
> > the Servlet Specification, version
> > 2.2, at
> >
> <http://java.sun.com/products/servlet/download.html>.
> >
> > For Tomcat, the default location for information
> > describing users, passwords, and
> > roles is in a text file named
> > $TOMCAT_HOME/conf/tomcat-users.xml. It is also
> > possible
> > to configure Tomcat to use a database for username
> > lookups (using the JDBCRealm
> > class), or to write your own custom Realm
> > implementation to look anywhere else.
> >
> > NOTE: If you are running Tomcat behind Apache in
> > the usual fashion (i.e. having
> > Apache serve static resources), *only* the dynamic
> > requests that are actually
> > forwarded to Tomcat will be protected by these
> > constraints.
> >
> > > Jim Urban
> >
> > Craig McClanahan
> >
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Photos - Share your holiday photos online!
> http://photos.yahoo.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
--
_______________________________________
Robert Wohleb
Web Applications Development Manager
Parafoil Software, Inc.
_______________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
