I am including the zip file that I got from Wrox's Professional JSP book. This zip has the source code for the Tomcat Interceptor that they wrote to handle ldap auth.
It comes with config files and more instructions. I believe you have to put the ldapAuthCheck.class into com/mjwilcox as the source code indicates. I have modified the source code for this file and that is my second attachment. Compare them and try to get them to work and we can talk from there.
If you want to read about Tomcat Interceptors so we would see how to fit our effort in the process.
Ahmed.
Peter_Anders�n <[EMAIL PROTECTED]> wrote:
Hi
I can be included on this.
I have built a bean for doing contextless login into LDAP.
It maybe could be useful for this, but i need to understand what do you need
for the plugins to work.
I have not been looking at this much so if someone could enlight my on the
subject i could check.
/Peter
----- Original Message -----
From: "Fernando Padilla" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 26, 2001 5:30 PM
Subject: Re: Authentication to LDAP
>
> Tomcat 3.x uses Interceptors and thus the SecurityCheck.
>
> Tomcat 4.x uses Generalized Security handling code with pluggable Realm
> classes ( realms are access points into user authentication, authorization
> information ). Realms are pluggable under the conf/server.xml file.
>
> There is a SimpleRealm class, and a JDBCRealm class. Maybe someone should
> volunteer a JAASRealm and LDAPRealm for normal users to use...
>
> fern
>
>
>
>
>
> On Sun, 25 Feb 2001, Falcon cheetah wrote:
>
> >
> > Well, I extend SimpleRealm because I did not see securityCheck
anywhere in the tomcat tree, and I assumed it was modified. And it works for
me :)
> >
> > What is JAAS? And I am not sure if writing and intercepter qualifies as
a project.
> >
> > I guess what we need to do is to get the wrox code to work for us and
then modify it to do more general auth with ldap. I saw that there is a huge
amount of bad coding in that wrox class and I am waiting to see it working
so I would do a whole rewrite.
> >
> > I guess if you want us to launch a project for this we have to start
putting the word on the tomcat-dev, rather than tomcat-users, someone would
give us the heads on there.
> >
> >
> >
> > Regards.
> >
> > Ahmed.
> >
> >
> > Martin Smith <[EMAIL PROTECTED]>wrote:
> > OK, I've read over ldapAuthCheck.java (by Mark Wilcox, apparently.) I
> > pretty well understand everything there, except I have a blank spot in
> > knowledge of the Tomcat architecture. Which means I don't understand
> > why you had to extend simpleRealm instead of securityCheck.
> >
> > Obviously, neither this class nor Tomcat implements JAAS. I'm assuming
> > that's because they were built before JAAS was defined. They're also
> > much simpler than the total pluggable-authentication-module framework
> > implemented by JAAS. That's cool, since I don't need all that stuff
> > anyhow. It's nice that the user name and password are just passed as
> > strings in the call to checkPassword(), for example.
> >
> > So--What needs doing? I've never worked on a project so I don't know the
> > rules.
> >
> > (The only thing I know I'd like to change is to add flexibility to use
> > the "mail" attribute as the userID instead of the "UID" attribute.)
> >
> > Martin
> >
> >
> > Falcon cheetah wrote:
> >
> > > Martin,
> > >
> > > There is a good material about LDAP with Tomcat from Wrox's
> > > Professional JSP. There are two chapters that talk about this, and on
> > > chapter 15 they write a tomcat interceptor to do this task. I am
> > > currently trying to squeez sometime to test that. If you want to
> > > download the source code from their site and take a look at it.
> > >
> > > I know they have few issues with their interceptor. For example I had
> > > to make the class extend SimpleRealm instead of CheckSecurity.
> > >
> > > If you want to play with it and we can cooporate on expanding this
> > > code or put it in a seperate project if you want. If not I am glad to
> > > point out this great book to you and everyone else.
> > >
> > >
> > >
> > > Ahmed.
> > >
> > > Martin Smith wrote:
> > >
> > > I have been patiently lurking and waiting to see some news
> > > on the
> > > existence of a way to do Servlet container (ie Tomcat)
> > > authentication
> > > against an LDAP source of security info.
> > >
> > > I even posted an RFP at one of these freelancer sites
> > > (ants.com) to have
> > > one built. No credible responses.
> > >
> > > Limited though I am at programming java (or anything), I'm
> > > considering
> > > trying to build one myself. But I thought I'd ask one last
> > > time: is
> > > there a JNDI or LDAP Interceptor in the works anywhere?
> > >
> > > If not, any advice on the scope of the project? Do I just
> > > get the
> > > JDBCRealm source and analogize? (Sure hope we don't need
> > > threads! And
> > > callbacks sound hard, too.)
> > >
> > > TIA,
> > >
> > > martin
> > >
> > >
> > >
> > > -
> > > -------------------------------------------------------------------
> > >
> > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > For additional commands, email:
> > > [EMAIL PROTECTED]
> > >
> > >
> >
> -----------------------------------------------------------------------
> > > Do You Yahoo!?
> > > Yahoo! Auctions - Buy the things you want at great prices!
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, email: [EMAIL PROTECTED]
> >
> >
> >
> > ---------------------------------
> > Do You Yahoo!?
> > Yahoo! Mail Personal Address - Get email at your own domain with Yahoo!
Mail.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
Do You Yahoo!?
Yahoo! Mail Personal Address - Get email at your own domain with Yahoo! Mail.
code.zip--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
