From: "Mark Benussi" <[EMAIL PROTECTED]>
However I can tell you about JAAS in Tomcat. In 5 certainly there are
issues. Essentially when you call the LoginModule to invoke your JAAS
config
it works but it does not authenticate the proper session Subject.
Can you explain more about this? I just _finally_ got the jsp-examples
webapp that ships with Tomcat changed over to Kerberos authentication. Am I
about to run into problems?
What you end up doing (Or what I did) was place a request filter in the
app that
wraps the request with an overridden RequestWrapper and you write your own
inUserInRole against the Subject that the LoginModule returns (By placing
it
in the session)
If you want some code, taken from Wendy Smoak ...
... who took it from one of Craig's tomcat-user posts. ;)
http://wiki.wsmoak.net/cgi-bin/wiki.pl?TomcatRequestWrapper
--
Wendy Smoak
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
