I guess what I'm trying to ask after thinking about it more....How would I go about writing my own Realm to manage authorization.....because I already have the authentication (single sign-on) piece through using jcifs.....I'm not sure where to start.... I want to call isUserInRole() and have tomcat check Active Directory and a Database (the intranet is another interface for an application that we have that has a fat client and this application uses a database for storing info)....i was hoping to get a little insight into how I can code a realm for just the authorization piece.....
Thanx Russ -----Original Message----- From: Pitre, Russell Sent: Thursday, January 22, 2004 9:32 AM To: [EMAIL PROTECTED] Subject: jcifs and security realm discussion. Hello all- I am really puzzled right now and was hoping you all could shed some light onto me. I am developing a corporate intranet. I have jcifs ntlm http filter ( http://jcifs.samba.org/ ) working for me and all seems to be working fine. I can call getRemoteUser() and get the domain and username for the user. Which is great, I can use the username to tie into AD and get that persons security groups to determine access to certain job specific functions on the intranet (btw, all clients are IE). But, I'm concerned. My question does not really have to do with jcifs but with security realms. I ultimately want to isUserInRole("role") within my jsp's to determine access (I think). But I'm confused as to go about implementing such a scheme. I was thinking that I may have to write a custom realm but I'm not sure if this is the right way to go about it. With jcifs I can use the username from getRemoteUser() and use that to lookup which security groups that user is member and determine my access this way. But I'm really skeptical of this scenario. Does anyone have any suggestions or ideas for my situation? Thanx in advance Russ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
