How can a JSP get access to the authenticate method of a request
interceptor, such as JDBCRealm ?
Is there also a way for a JSP to find out which interceptor is handling
authentication.
I want users to enter their userID and password values, add these details to
the database that JDBCRealm is configured to use, and do an automatic
authenticate to allow them access to protected parts of the application.
Thanks,
Cathy
> ----------
> From: Craig R. McClanahan[SMTP:[EMAIL PROTECTED]]
> Reply To: [EMAIL PROTECTED]
> Sent: 24 January 2001 23:10
> To: [EMAIL PROTECTED]
> Subject: Re: RequestInterceptor authenticate and authorize. Need
> advise
>
> "Roytman, Alex" wrote:
>
> > Hello,
> >
> > As I understand, RequestInterceptor.authenticate() and authorize() get
> > called every time a protected resource is being accessed. Does it mean
> > tomcat do not cache user/roles after first authentication?
> >
>
> Tomcat 4.0 caches the authenticated principal in the current session (if
> there
> is one) -- otherwise, it authenticates on every request. I don't believe
> that
> this feature got back-ported to 3.2.
>
> >
> > Should I perform actual authentication every time (which is awfully
> resource
> > consuming) or could I assume that if (request.getRemoteUser() != null)
> user
> > has been authenticated.
> >
> > something like this:
> > if (request.getRemoteUser() == null) {
> > //perform authentication
> > }
> >
> > the same question with authorize. What is the best way to handle it. Can
> I
> > cache roles using request.getRemoteUser() as a key?
> >
>
> You want to do something like this, in case some previous interceptor (or
> the
> Apache connector) did the authentication -- but if you're running Tomcat
> standalone, for example, you'll find that getRemoteUser() is never going
> to be
> set (unless 3.2 really does cache and I've just got amnesia about it :-),
> because your interceptor is the only place it will ever get set.
>
> >
> > Is user principal container wide or context wide?
> >
>
> For 3.2, it's container-wide. For 4.0, it depends on where you define the
> <Realm> element -- you can make it webapp-wide, virtual-host-wide, or
> container-wide.
>
> >
> > Thank you very much in advance
> >
> > Alex Roytman
> >
>
> Craig McClanahan
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
