You need to write your own Realm implementation. Look at the source for the
JDBC Realm.

On another issue to do with Login - does anyone know how to pass multiple
credentials using a FORM login?
E.g. the user needs to input a password and a passphrase - but the Realm
only gets the j_password field.

Is it possible to get access to the HttpRequest in the Realm to check for
other parameters?

Cheers

Luke


-----Original Message-----
From: Ricardo Ramalho [mailto:[EMAIL PROTECTED]] 
Sent: 22 January 2002 14:51
To: Tomcat Users List
Subject: Custom Authentication

Hi ppl! Again....

It looks like I wasn't very accurate in my first question here...
What I wanted to do is something like this (hope you guys can help). This is
my actual Authentication class, which uses BASIC login.


import java.sql.*;
import javax.sql.*;
import javax.naming.*;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.*;
import java.security.*;
import allaire.jrun.util.*;
import allaire.jrun.security.*;

public class Autentica implements AuthenticationInterface
{
    /**
     * Initialize the authentication service
     * @param props The properties for the service
     */
    public void init(OrderedProperties props) throws Exception
    {
        // Nothing to do here
    }

    /**
     * Destroy the service
     */
    public void destroy()
    {
        // Nothing to do here
    }

    /**
     * Authenticate the given user with the given password.
     * @param req The servlet request
     * @param username The username to authenticate
     * @param password The password supplied by the user
     * @return The Principal associated with the given username, or null
     * if authentication failed
     */
    public Principal authenticate(HttpServletRequest req, String username,
                                  String password) {
        Principal principal = null;
        // Objects for the database connection
        Connection dbCon = null;
        PreparedStatement dbStat = null;
        ResultSet dbRes = null;

        // If we have a password, attempt to validate it
        if (password != null) {
            try {
                // Database access: take a connection from the JRun connection pool
                InitialContext ctx = new InitialContext();
                DataSource ds = (DataSource) ctx.lookup("java:comp/env/jdbc/test_db");
                dbCon = ds.getConnection();
                // Bind the username as a parameter rather than concatenating
                // it into the SQL text, so it cannot alter the query
                dbStat = dbCon.prepareStatement(
                        "SELECT passwd FROM users WHERE user = ?");
                dbStat.setString(1, username);
                dbRes = dbStat.executeQuery();
                // No row means the user is unknown: authentication fails
                if (dbRes.next()) {
                    String dbPass = dbRes.getString(1);
                    if (dbPass != null && dbPass.equals(password)) {
                        principal = new AuthenticatedPrincipal(username);
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                // Release the result set, statement and pooled connection
                // even when the lookup or query throws
                try { if (dbRes != null) dbRes.close(); } catch (SQLException ignored) { }
                try { if (dbStat != null) dbStat.close(); } catch (SQLException ignored) { }
                try { if (dbCon != null) dbCon.close(); } catch (SQLException ignored) { }
            }
        }
        return principal;
    }

    /**
     * Determines if the given principal (user) has been granted the
     * given role within this authentication realm.
     * @param principal The principal (user) to verify
     * @param role The role to verify
     * @return true if the principal is part of the given role
     */
    public boolean isPrincipalInRole(Principal principal, String role)
    {
        // Every principal is reported as a member of every role
        return true;
    }
}


Thank you for any help in advance

-------------------------------------------------
Ricardo Ramalho
Carcavelos Lisbon Portugal
EWorks Consulting
-------------------------------------------------



--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
