I was reading through the code, the session has a note on it with the password.
I actually already wrote a custom realm implementation... I wanted to join the sessions all by using the session ID, which the realm doesn't have, which is why I figured at the creation of the session would be the best place. Honesly, I've already replaced a bunch of classes with my own, trying to do so without changing any Tomcat source, (by referencing them in through configuration). Since it's for a commercial project, and I don't think that we'll be wanting to give away the source (Does the Apache license require that?). I was considering extending GenericPrincipal in just such a manner in order to achieve that effect... 1 problem, is that safe security wise? Principal seems to get passed around a lot. Justin -----Original Message----- From: Tim Funk [mailto:[EMAIL PROTECTED] Sent: Monday, December 01, 2003 8:38 PM To: Tomcat Users List Subject: Re: Argument Type Mismatch ahha - the session won't have the password. But the Realm will. (or might not depending on implementation). Actually - the Principal could have the password if it extends GenericPrincipal. If not, you could extend the Realm to ensure it does. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/realm/GenericPrincipal.html -Tim Hart, Justin wrote: > I need access to the user's password, which all of the Servlet specific ones seem to > guard the programmer from getting access to. > > Justin > > -----Original Message----- > From: Tim Funk [mailto:[EMAIL PROTECTED] > Sent: Monday, December 01, 2003 8:10 PM > To: Tomcat Users List > Subject: Re: Argument Type Mismatch > > > Ahh, I see. Why implement SessionListener which is tomcat specific when you > can implement the Servlet specific ones in web.xml? > > Look at the code for SingleSignOn or any code that utilizes it as to how a > SessionListener gets registered. I am guessing that you'll actuall need to > implement a no-op Vavle that registers the Listener on initialization of the > Vavle. But thats just a no code look swag. > > -Tim > > Hart, Justin wrote: > > >>I thought that there was something related to that, is it that it must implement >>LifeCycleListener & SessionListener, or is SessionListener just not happening? How >>is it possible, if at all, to add my own SessionListener? >> >>Justin >> >>-----Original Message----- >>From: Tim Funk [mailto:[EMAIL PROTECTED] >>Sent: Monday, December 01, 2003 7:29 PM >>To: Tomcat Users List >>Subject: Re: Argument Type Mismatch >> >> >>In server.xml, Listeners are LifeCycleListeners >>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/LifecycleListener.html >> >>-Tim >> >> >>Hart, Justin wrote: >> >> >> >>> <Listener className="class inheriting from SessionListener"/> >>> >>>I get an argument type mismatch error parsing my server.xml... Is there something >>>wrong with this line? >>> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
