Hi Amit,
  Firstly I'm assuming you're comfortable with java (rather than just jsp)
programming. 
  Also you are going to need a source distribution of tomcat.
If you have that then in TOMCAT_HOME/src/org/apache/tomcat/request
you will be able to see the source code for the authentication modules
provided. To create your own in 3.2 you create a subclass of BaseInterceptor. 
( in tomcat 4.0 I believe the class hierarchy has changed and you need to subclass 
  org.apache.catalina.realm.RealmBase ). As I said the easiest way to do this
is just copy whichever Realm best fits your needs- I think SimpleRealm for you
- and create your own class by amending the source and adding the functionality
you need.
Now you are going to need to compile this class (with your encryption
mechanism) and add it to tomcat. You can't just use javac to compile your
class because you need to include the other tomcat packages. I rather 
simple-mindedly added all the jar files in TOMCAT_HOME/lib into 
my CLASSPATH, then used javac and then added the class to webserver.jar
using jar. However I believe there is a better way - there is a build
script somewhere  which you can run to create a fresh copy of tomcat
which will have your new authentication module. However I can't find it in
my distribution.  As I said once you have added your custom functionality
into Tomcat then you need to edit server.xml to pick up your Realm class rather 
than the default. 
Sorry don't know of any documentation to help in any of this. 
As an aside if you are using the xml file you are going to have to be careful
to deal with concurrency issues in the coding of your new Realm class and
your user registration servlet (assuming this is what you are doing). 

Andrew

On Wed, 07 Mar 2001, you wrote:
> 
> Thanks Andrew,
> 
> But,I'm using XML to store my whole data (this is requirement of the product)
> We are not at all using any database.
> 
> So with this regard, would u like to comment something more ?
> Also can u suggest some resource for : creating my own customized "authentication module" ?
> 
> Thanks in advance.
> 
> Regards,
> -Amit.
> 
> ----- Original Message ----- 
>   From: Andrew Robson 
>   To: [EMAIL PROTECTED] 
>   Sent: Wednesday, March 07, 2001 3:37 PM
>   Subject: Re: Form Based Authentication with Encryption
> 
> 
> 
> 
>   Hi Amit,
>     I'm using 3.2 so details may vary.
>   What you want to do is write your own authentication module.
>   Easier than it sounds. Just take a copy of the authentication module you
>   are using (SimpleRealm?) to use as a base for your own code. Add in
>   the functionality you want, compile and include in 
>   TOMCAT_HOME/lib/webserver.jar
>   Edit server.xml to use your custom authentication module.
>   Also, I'd recommend you look at JDBCRealm so that you can store usernames
>   and passwords in a database. Quite apart from the other advantages you may
>   then be able to take advantage of the db's encryption facilities (e.g. MySql's
>   Password function) and save yourself the bother of writing your own.
> 
>   Hope this helps
>   Andrew
> 
>   On Wed, 07 Mar 2001, you wrote:
>   >
>   > Hi All,
>   >
>   > I'm using tomcat 4.0 Beta1.
>   > I successfully tested out the form based authentication provided with tomcat.
>   >
>   > But , the main problem with it is : It uses plain text to store users,roles and passwords
>   > in the "tomcat-users.xml"   file placed  in TOMCAT_HOME\conf.
>   >
>   > Is there any plugin for tomcat to encrypt the passwords stored in this file ?
>   > or is there any round-about to do so.
>   >
>   > Thanking you in advance.
>   >
>   > With Regards,
>   > -Amit
>   > E-Mail:[EMAIL PROTECTED]
>   > Sansui Software Pvt. Ltd.,Pune
> 
> 


-- 
===========================================
Andrew Robson         
2/1 
723 Pollockshaws Road
Glasgow G44 2AA
 
Tel:     (0141) 424 0607
Mobile:  07759 430234 
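
Added example, not part of the original message and not Tomcat code: a sketch of the credential handling a custom realm and a registration servlet could share, addressing both points in the thread (no plain-text passwords in the user file, and safe concurrent access). It swaps reversible encryption for salted PBKDF2 hashing; the class name, parameters and the in-memory map standing in for the XML file are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper, not a Tomcat class: the realm and the registration servlet share one instance.
public class HashedUserStore {
    private static final int ITERATIONS = 210_000, SALT_BYTES = 16, KEY_BITS = 256; // assumed parameters
    private final Map<String, String> users = new HashMap<>(); // name -> "salt:hash", stands in for the XML file
    private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
    private final SecureRandom random = new SecureRandom();
    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }
    }

    // Returns false if the name is taken; the write lock keeps readers off a half-applied update.
    public boolean register(String user, char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt); // fresh salt per user
        Base64.Encoder b64 = Base64.getEncoder();
        String record = b64.encodeToString(salt) + ":" + b64.encodeToString(derive(password, salt));
        lock.writeLock().lock();
        try {
            return users.putIfAbsent(user, record) == null; // rewrite the XML file here, under the same lock
        } finally { lock.writeLock().unlock(); }
    }

    public boolean authenticate(String user, char[] password) throws Exception {
        String record;
        lock.readLock().lock();
        try { record = users.get(user); } finally { lock.readLock().unlock(); }
        if (record == null) return false;
        String[] parts = record.split(":"); // Base64 output never contains ':'
        byte[] actual = derive(password, Base64.getDecoder().decode(parts[0]));
        return MessageDigest.isEqual(Base64.getDecoder().decode(parts[1]), actual); // constant-time compare
    }

    public static void main(String[] args) throws Exception { // constructed sample credentials
        HashedUserStore s = new HashedUserStore();
        System.out.println(s.register("amit", "s3cret".toCharArray()) + " "
            + s.authenticate("amit", "s3cret".toCharArray()) + " " + s.authenticate("amit", "wrong".toCharArray()));
    }
}
```

The key derivation runs outside the locks, so a slow hash never blocks other logins or registrations.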

