get the source form tomcat 4.x,
then go look at:
// Realm interface
src/catalina/src/share/org/apache/catalina/Realm.java
// basic realm that most extend
src/catalina/src/share/org/apache/catalina/realm/RealmBase.java
// and other example realms ( where the LDAP, et al will live in )
src/catalina/src/share/org/apache/catalina/realm/*
good luck
fern
On Mon, 26 Feb 2001, [iso-8859-1] Peter Anders�n wrote:
> Hi
> I can be included on this.
> I have built a bean for doing contextless login into LDAP.
> It maybe could be useful for this, but i need to understand what do you need
> for the plugins to work.
> I have not been looking at this much so if someone could enlight my on the
> subject i could check.
>
> /Peter
> ----- Original Message -----
> From: "Fernando Padilla" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, February 26, 2001 5:30 PM
> Subject: Re: Authentication to LDAP
>
>
> >
> > Tomcat 3.x uses Interceptors and thus the SecurityCheck.
> >
> > Tomcat 4.x uses Generalized Security handling code with pluggable Realm
> > classes ( realms are access points into user authentication, authorization
> > information ). Realms are pluggable under the conf/server.xml file.
> >
> > There is a SimpleRealm class, and a JDBCRealm class. Maybe someone should
> > volunteer a JAASRealm and LDAPRealm for normal users to use...
> >
> > fern
> >
> >
> >
> >
> >
> > On Sun, 25 Feb 2001, Falcon cheetah wrote:
> >
> > >
> > > Well, I extend SimpleRealm because I did not see securityCheck
> anywhere in the tomcat tree, and I assumed it was modified. And it works for
> me :)
> > >
> > > What is JAAS? And I am not sure if writing and intercepter qualifies as
> a project.
> > >
> > > I guess what we need to do is to get the wrox code to work for us and
> then modify it to do more general auth with ldap. I saw that there is a huge
> amount of bad coding in that wrox class and I am waiting to see it working
> so I would do a whole rewrite.
> > >
> > > I guess if you want us to launch a project for this we have to start
> putting the word on the tomcat-dev, rather than tomcat-users, someone would
> give us the heads on there.
> > >
> > >
> > >
> > > Regards.
> > >
> > > Ahmed.
> > >
> > >
> > > Martin Smith <[EMAIL PROTECTED]> wrote:
> > > OK, I've read over ldapAuthCheck.java (by Mark Wilcox, apparently.) I
> > > pretty well understand everything there, except I have a blank spot in
> > > knowledge of the Tomcat architecture. Which means I don't understand
> > > why you had to extend simpleRealm instead of securityCheck.
> > >
> > > Obviously, neither this class nor Tomcat implements JAAS. I'm assuming
> > > that's because they were built before JAAS was defined. They're also
> > > much simpler than the total pluggable-authentication-module framework
> > > implemented by JAAS. That's cool, since I don't need all that stuff
> > > anyhow. It's nice that the user name and password are just passed as
> > > strings in the call to checkPassword(), for example.
> > >
> > > So--What needs doing? I've never worked on a project so I don't know the
> > > rules.
> > >
> > > (The only thing I know I'd like to change is to add flexibility to use
> > > the "mail" attribute as the userID instead of the "UID" attribute.)
> > >
> > > Martin
> > >
> > >
> > > Falcon cheetah wrote:
> > >
> > > > Martin,
> > > >
> > > > There is a good material about LDAP with Tomcat from Wrox's
> > > > Professional JSP. There are two chapters that talk about this, and on
> > > > chapter 15 they write a tomcat interceptor to do this task. I am
> > > > currently trying to squeez sometime to test that. If you want to
> > > > download the source code from their site and take a look at it.
> > > >
> > > > I know they have few issues with their interceptor. For example I had
> > > > to make the class extend SimpleRealm instead of CheckSecurity.
> > > >
> > > > If you want to play with it and we can cooporate on expanding this
> > > > code or put it in a seperate project if you want. If not I am glad to
> > > > point out this great book to you and everyone else.
> > > >
> > > >
> > > >
> > > > Ahmed.
> > > >
> > > > Martin Smith wrote:
> > > >
> > > > I have been patiently lurking and waiting to see some news
> > > > on the
> > > > existence of a way to do Servlet container (ie Tomcat)
> > > > authentication
> > > > against an LDAP source of security info.
> > > >
> > > > I even posted an RFP at one of these freelancer sites
> > > > (ants.com) to have
> > > > one built. No credible responses.
> > > >
> > > > Limited though I am at programming java (or anything), I'm
> > > > considering
> > > > trying to build one myself. But I thought I'd ask one last
> > > > time: is
> > > > there a JNDI or LDAP Interceptor in the works anywhere?
> > > >
> > > > If not, any advice on the scope of the project? Do I just
> > > > get the
> > > > JDBCRealm source and analogize? (Sure hope we don't need
> > > > threads! And
> > > > callbacks sound hard, too.)
> > > >
> > > > TIA,
> > > >
> > > > martin
> > > >
> > > >
> > > >
> > > > -
> > > > -------------------------------------------------------------------
> > > >
> > > > To unsubscribe, e-mail:
> > > > [EMAIL PROTECTED]
> > > > For additional commands, email:
> > > > [EMAIL PROTECTED]
> > > >
> > > >
> > >
> > -----------------------------------------------------------------------
> > > > Do You Yahoo!?
> > > > Yahoo! Auctions - Buy the things you want at great prices!
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, email: [EMAIL PROTECTED]
> > >
> > >
> > >
> > > ---------------------------------
> > > Do You Yahoo!?
> > > Yahoo! Mail Personal Address - Get email at your own domain with Yahoo!
> Mail.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
