I'd like to do that but I'll need first the LDAPAuthCheck source ;-)


Becoming aware of your own ignorance is a great step toward
knowledge.
-- Benjamin Disraeli
 

>-----Original Message-----
>From: Fernando Padilla [mailto:[EMAIL PROTECTED]]
>Sent: Monday, February 26, 2001 5:31 PM
>To: [EMAIL PROTECTED]
>Subject: Re: Authentication to LDAP
>
>
>
>Tomcat 3.x uses Interceptors and thus the SecurityCheck.
>
>Tomcat 4.x uses Generalized Security handling code with pluggable Realm
>classes ( realms are access points into user authentication,
>authorization information ).  Realms are pluggable under the
>conf/server.xml file.
>
>There is a SimpleRealm class, and a JDBCRealm class.  Maybe someone
>should volunteer a JAASRealm and LDAPRealm for normal users to use...
>
>fern
>
>
>
>
>
>On Sun, 25 Feb 2001, Falcon cheetah wrote:
>
>> 
>> Well, I extend SimpleRealm because I did not see securityCheck
>> anywhere in the tomcat tree, and I assumed it was modified. And it
>> works for me :)
>>
>> What is JAAS? And I am not sure if writing an interceptor qualifies
>> as a project.
>>
>> I guess what we need to do is to get the wrox code to work for us and
>> then modify it to do more general auth with ldap. I saw that there is
>> a huge amount of bad coding in that wrox class and I am waiting to see
>> it working so I would do a whole rewrite.
>>
>> I guess if you want us to launch a project for this we have to start
>> putting the word on the tomcat-dev, rather than tomcat-users, someone
>> would give us the heads on there.
>> 
>>  
>> 
>> Regards.
>> 
>> Ahmed.
>> 
>> 
>>   Martin Smith <[EMAIL PROTECTED]> wrote: 
>> OK, I've read over ldapAuthCheck.java (by Mark Wilcox, apparently.) I
>> pretty well understand everything there, except I have a blank spot in
>> knowledge of the Tomcat architecture. Which means I don't understand
>> why you had to extend simpleRealm instead of securityCheck.
>>
>> Obviously, neither this class nor Tomcat implements JAAS. I'm assuming
>> that's because they were built before JAAS was defined. They're also
>> much simpler than the total pluggable-authentication-module framework
>> implemented by JAAS. That's cool, since I don't need all that stuff
>> anyhow. It's nice that the user name and password are just passed as
>> strings in the call to checkPassword(), for example.
>>
>> So--What needs doing? I've never worked on a project so I don't know
>> the rules.
>>
>> (The only thing I know I'd like to change is to add flexibility to use
>> the "mail" attribute as the userID instead of the "UID" attribute.)
>> 
>> Martin
>> 
>> 
>> Falcon cheetah wrote:
>> 
>> > Martin,
>> >
>> > There is good material about LDAP with Tomcat from Wrox's
>> > Professional JSP. There are two chapters that talk about this, and
>> > on chapter 15 they write a tomcat interceptor to do this task. I am
>> > currently trying to squeeze sometime to test that. If you want to
>> > download the source code from their site and take a look at it.
>> >
>> > I know they have few issues with their interceptor. For example I
>> > had to make the class extend SimpleRealm instead of CheckSecurity.
>> >
>> > If you want to play with it and we can cooperate on expanding this
>> > code or put it in a separate project if you want. If not I am glad
>> > to point out this great book to you and everyone else.
>> >
>> >
>> >
>> > Ahmed.
>> >
>> > Martin Smith wrote:
>> >
>> > I have been patiently lurking and waiting to see some news on the
>> > existence of a way to do Servlet container (ie Tomcat)
>> > authentication against an LDAP source of security info.
>> >
>> > I even posted an RFP at one of these freelancer sites (ants.com) to
>> > have one built. No credible responses.
>> >
>> > Limited though I am at programming java (or anything), I'm
>> > considering trying to build one myself. But I thought I'd ask one
>> > last time: is there a JNDI or LDAP Interceptor in the works
>> > anywhere?
>> >
>> > If not, any advice on the scope of the project? Do I just get the
>> > JDBCRealm source and analogize? (Sure hope we don't need threads!
>> > And callbacks sound hard, too.)
>> >
>> > TIA,
>> >
>> > martin
>> >
>> >
>> >
>> 
>> 
>
>
>
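
Added example, not part of the original thread and not the Wrox ldapAuthCheck or Tomcat code: a search-then-bind password check of the kind discussed above, taking the user name and password as plain strings and letting configuration choose "uid" or "mail" as the login attribute. The class name LdapPasswordCheck, its constructor parameters, an ldaps:// URL and a directory that allows anonymous search are all assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Hypothetical helper: not Tomcat's Realm API and not the Wrox ldapAuthCheck code.
public class LdapPasswordCheck {
    private final String url, baseDn, idAttr;

    // idAttr comes from configuration ("uid" or "mail"), never from the login form.
    public LdapPasswordCheck(String url, String baseDn, String idAttr) {
        this.url = url; this.baseDn = baseDn; this.idAttr = idAttr;
    }

    private DirContext open(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // assumed to be an ldaps:// URL
        if (dn != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    public boolean checkPassword(String user, String password) {
        // A simple bind with an empty password is an unauthenticated bind,
        // which many servers accept, so reject it before contacting the directory.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) return false;
        try {
            DirContext lookup = open(null, null); // assumes anonymous search is allowed
            String dn;
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // {0} is filled in by JNDI with filter metacharacters escaped.
                NamingEnumeration<SearchResult> hits =
                    lookup.search(baseDn, "(" + idAttr + "={0})", new Object[] { user }, sc);
                if (!hits.hasMore()) return false;   // unknown user
                dn = hits.next().getNameInNamespace();
                if (hits.hasMore()) return false;    // ambiguous, e.g. a shared mail value
            } finally {
                lookup.close();
            }
            open(dn, password).close(); // bind as the user; a bad password throws
            return true;
        } catch (NamingException e) {
            return false; // fail closed on bad credentials or directory errors
        }
    }
}
```

Switching the login attribute to "mail" makes the uniqueness check matter, since several entries can carry the same address.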
