This is great news!  I'll definitely check it out.

mfs


"Roytman, Alex" wrote:

>
>
> JndiRealm for Tomcat
>
> Please download ALPHA version of JndiRealm (compiled and source code)
> from
> http://peacetech.com/java/files/apache/tomcat/jndi-auth.html
>
> JndiRealm authenticates and authorizes users against JNDI. It was
> developed and tested
> against LDAP JNDI (Sun's and Netscape's JNDI provider).
> JndiRealm looks for exactly one user name matching jndiSearchFilter +
> username in the entire subtree
> of jndiInitialContext and uses Tomcat-supplied credentials to
> authenticate.
> If successful, it will fetch user roles using JNDI attributes listed in
> jndiRolesAttributes,
> and if roleMapperClass is specified it will use it to map user roles
> onto application roles
> specific for each web context.
> The provided SimpleRoleMapper implementation will read the
> WEB-INF/role-map.xml file in each web context
> and will do mappings accordingly.
>
> JndiRealm works a little bit differently from SimpleRealm or JdbcRealm.
>
> They extract user/password from the user Session for Form based
> authentication (from headers for Basic authentication) and then for
> *every request* perform authentication and authorization. This however
> might be a problem if the password on the backend changes constantly. A password
> cached in the User Session or Request Header will expire in, let's
> say, 15 seconds and any subsequent attempt to get user roles from the
> directory
>
> One solution to the problem would be to cache all
> authentication/authorization info in the user session (as Tomcat is
> already doing with username and password for form based
> authentication) and use it as a proof of successful authentication for
> all subsequent requests.
>
> I am not very familiar with Tomcat's security infrastructure so it
> would be nice if somebody from the Tomcat team takes a look at my source
> code.
>
> If it proves to be useful I will port it to tomcat 4
>
> Alex Roytman
>
> For samples, please see tomcat/conf/server.xml and
> WEB-INF/role-map.xml files in the distribution
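A model of the lookup the post describes, added here as an example and not JndiRealm's own code: it builds the filter from jndiSearchFilter + username, requires exactly one match before binding, reads the attributes named in jndiRolesAttributes and maps them the way role-map.xml would. The in-memory directory, the role map, the `escape_filter_value` helper and the password comparison standing in for the LDAP bind are constructed assumptions; the post does not say how the alpha escapes the user name, so the example includes the RFC 4515 escaping a deployer would want in that filter either way.

```python
import re

# Constructed in-memory stand-in for the LDAP directory: dn -> attributes.
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "uid": "alice", "userPassword": "s3cret", "memberOf": ["cn=admins", "cn=staff"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "uid": "bob", "userPassword": "hunter2", "memberOf": ["cn=staff"]},
}
JNDI_SEARCH_FILTER = "uid="           # jndiSearchFilter from the post; username is appended
JNDI_ROLES_ATTRIBUTES = ["memberOf"]  # jndiRolesAttributes from the post (assumed value)
ROLE_MAP = {"cn=admins": "manager", "cn=staff": "user"}  # stand-in for WEB-INF/role-map.xml


def escape_filter_value(value):
    """RFC 4515 escaping for a value spliced into a filter, so the user name is
    matched literally and cannot act as a wildcard or extra filter clause."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)


def _value_to_regex(filter_value):
    """Toy LDAP value matcher: an unescaped '*' is a wildcard, '\\XX' is a literal."""
    out, i = "", 0
    while i < len(filter_value):
        if filter_value[i] == "\\" and i + 2 < len(filter_value):
            out += re.escape(chr(int(filter_value[i + 1:i + 3], 16)))
            i += 3
        else:
            out += ".*" if filter_value[i] == "*" else re.escape(filter_value[i])
            i += 1
    return re.compile("^" + out + "$")


def search_users(username, escape=True):
    """The post's lookup: entries matching jndiSearchFilter + username in the subtree."""
    value = escape_filter_value(username) if escape else username
    attr, _, wanted = ("(" + JNDI_SEARCH_FILTER + value + ")")[1:-1].partition("=")
    pattern = _value_to_regex(wanted)
    return [dn for dn, a in DIRECTORY.items() if pattern.match(a[attr])]


def authenticate(username, password, escape=True):
    """Exactly one match, then bind, then roles, then mapping; None on any failure."""
    matches = search_users(username, escape)
    if len(matches) != 1:                  # zero or ambiguous: refuse, never pick the first
        return None
    entry = DIRECTORY[matches[0]]
    if entry["userPassword"] != password:  # stand-in for the LDAP bind as the found DN
        return None
    dir_roles = [r for a in JNDI_ROLES_ATTRIBUTES for r in entry.get(a, [])]
    return sorted({ROLE_MAP[r] for r in dir_roles if r in ROLE_MAP})
```

With `escape=False` the raw concatenation lets a `*` in the user name match every entry, which the exactly-one check then rejects; with escaping the same input matches nothing.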
