From: "Mark Benussi" <[EMAIL PROTECTED]>

However I can tell you about JAAS in Tomcat. In 5 certainly there are
issues. Essentially when you call the LoginModule to invoke your JAAS config
it works but it does not authenticate the proper session Subject.

Can you explain more about this? I just _finally_ got the jsp-examples webapp that ships with Tomcat changed over to Kerberos authentication. Am I about to run into problems?

What you end up doing (Or what I did) was place a request filter in the app that
wraps the request with an overridden RequestWrapper and you write your own
inUserInRole against the Subject that the LoginModule returns (By placing it
in the session)

If you want some code, taken from Wendy Smoak ...

... who took it from one of Craig's tomcat-user posts. ;)

Wendy Smoak

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to